Virus: Worm.Win32.NetSky 2/2011

#31
Matt633rle
Member | Topic Starter | 50 posts

OK... ran Rogue Killer, then ran OTL with the new scan.txt, and OTL would not run. But Rogue Killer did not restart my computer; was it supposed to?

Update: I restarted, downloaded a new copy of OTL, input your previously indicated script, and ran a quick scan. It is running; will post when it is complete.

Edited by Matt633rle, 23 February 2011 - 03:59 PM.


#32
Matt633rle
Member | Topic Starter | 50 posts

Attached is the file. Problem: I forgot to close all windows (I had Firefox running during this scan). Let me know if I need to rerun.

OK, next?

OTL logfile created on: 2/23/2011 2:56:58 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 132.34 Gb Total Space | 100.15 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 3.95 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.31 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.08 Gb Free Space | 97.89% Space Free | Partition Type: NTFS
Drive H: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 156.75 Gb Total Space | 49.67 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive P: | 138.42 Gb Total Space | 53.54 Gb Free Space | 38.68% Space Free | Partition Type: NTFS

Computer Name: 500G | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 14:56:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
PRC - [2010/12/30 15:26:39 | 000,910,808 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 14:56:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
MOD - [2010/08/25 11:57:53 | 000,040,960 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VideoAcceleratorService)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_b9595b08-002a-4985-a11a-56836c85b324) LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324)
SRV - [2011/02/17 12:43:44 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- D:\Documents and Settings\Administrator\Local Settings\Temp\LRRNRCKQ.exe -- (LRRNRCKQ)
SRV - [2011/02/17 12:26:07 | 001,725,840 | ---- | M] () [Auto | Stopped] -- D:\WINDOWS\LMI2.tmp\LMI_InstantChat_srv.exe -- (LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d) LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d)
SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/09 02:35:40 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 02:33:14 | 000,522,848 | ---- | M] () [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/19 11:11:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/12/25 08:31:41 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010/12/25 08:31:04 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2010/12/23 12:09:44 | 000,096,600 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/15 01:52:20 | 000,041,256 | ---- | M] () [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/08/15 01:51:49 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/08/10 10:58:01 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/25 18:45:57 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Documents and Settings\Administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/09 02:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- J:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 02:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 02:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 02:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 15:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2006/06/22 15:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 15:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 15:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 15:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 07:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/09/12 20:15:36 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/10 06:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/12/01 18:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-861567501-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.9.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: J:\Program Files\F-Secure Internet Security\NRS\[email protected] [2010/08/15 01:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/25 11:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: g:\Program Files\Fiddler2\FiddlerHook [2011/01/11 15:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/02/17 08:42:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/01/17 13:00:58 | 000,000,000 | ---D | M]

[2011/02/17 08:42:29 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/23 14:54:44 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions
[2011/02/17 10:32:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 11:57:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/06/17 04:23:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 15:47:39 | 000,000,000 | ---D | M] (FiddlerHook) -- G:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2009/06/16 11:21:38 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/17 04:24:02 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/08/15 01:46:21 | 000,000,000 | ---D | M] ("Browsing Protection") -- J:\PROGRAM FILES\F-SECURE INTERNET SECURITY\NRS\[email protected]

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - g:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [F-Secure Manager] J:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] J:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NetWorx] D:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = G:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - G:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 04:06:41 | 000,000,053 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 14:56:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 13:04:33 | 000,000,000 | ---D | C] -- D:\RK_Quarantine
[2011/02/23 10:47:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood.Tmp
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/02/21 14:30:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2011/02/19 12:14:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/17 12:26:07 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI2.tmp
[2011/02/17 11:50:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/02/17 11:50:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/17 11:35:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/17 11:22:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMID.tmp
[2011/02/17 11:22:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/02/17 10:33:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/17 08:43:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2011/02/17 08:42:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/02/17 08:40:55 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\IETldCache
[2011/02/17 08:40:39 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\SendTo
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/02/17 08:40:39 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\Cookies
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Recent
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\PrintHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Favorites
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2011/02/16 08:47:57 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2011/02/12 06:15:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/12 06:15:17 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- D:\WINDOWS\System32\DolbyHph.dll
[2011/02/10 11:03:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\Profiles
[2011/02/02 10:07:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/02/02 10:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Program Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Logitech
[2011/01/25 07:47:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/01/25 07:47:30 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/23 14:56:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 14:52:39 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/02/23 14:52:23 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/02/23 14:50:56 | 000,000,302 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 14:50:56 | 000,000,294 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 14:42:47 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:15 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 12:54:18 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe
[2011/02/23 10:45:29 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/23 10:42:00 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
[2011/02/23 00:42:00 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
[2011/02/22 16:16:48 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:24:47 | 000,258,560 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:56 | 000,007,680 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 14:59:55 | 013,650,040 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 12:53:57 | 083,873,792 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:05:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:02:56 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:00:53 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:00:45 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:00:31 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:00:06 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 11:59:37 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/19 11:11:31 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 12:14:58 | 000,053,888 | ---- | M] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2011/02/17 08:43:21 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 08:43:02 | 000,000,618 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/13 12:10:06 | 000,212,880 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 15:57:45 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/02 10:07:02 | 000,001,891 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/23 14:42:46 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 11:36:52 | 000,830,464 | ---- | C] () -- D:\RogueKiller.exe
[2011/02/22 10:32:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:32:10 | 000,258,560 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:53 | 000,007,680 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 15:03:57 | 013,650,040 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/21 14:27:49 | 083,873,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:14:06 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/17 11:35:36 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 10:32:18 | 000,000,302 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 10:32:18 | 000,000,294 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 08:43:02 | 000,000,618 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/17 08:40:39 | 000,001,599 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/17 08:40:39 | 000,000,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/02/16 07:32:54 | 000,000,730 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/10 11:04:46 | 000,038,796 | ---- | C] () -- D:\WINDOWS\System\Gidem___.ttf
[2011/02/10 11:04:46 | 000,033,140 | ---- | C] () -- D:\WINDOWS\System\Koinm___.ttf
[2011/02/10 11:04:46 | 000,001,321 | ---- | C] () -- D:\WINDOWS\System\Gidem___.fot
[2011/02/10 11:04:46 | 000,001,319 | ---- | C] () -- D:\WINDOWS\System\Koinm___.fot
[2011/02/02 10:13:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/02 10:13:48 | 000,022,334 | R--- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2011/02/02 10:13:48 | 000,004,770 | R--- | C] () -- D:\WINDOWS\System32\Repository.reg
[2011/02/02 10:07:02 | 000,001,891 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk
[2011/01/06 07:24:05 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/08/23 11:15:17 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/02 16:18:09 | 000,061,440 | R--- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2009/06/14 07:56:19 | 000,007,173 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 17:32:10 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/06/13 17:32:09 | 000,524,288 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/06/13 16:03:18 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/13 15:19:31 | 000,257,536 | ---- | C] () -- D:\WINDOWS\System32\hdkernel.dll
[2009/06/13 13:48:06 | 000,041,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2009/06/13 13:29:18 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009/06/13 12:44:05 | 000,014,848 | ---- | C] () -- D:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/13 12:44:05 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\epmntdrv.sys
[2009/06/13 12:44:05 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/13 05:44:05 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2006/07/17 11:11:36 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/23 08:36:58 | 000,532,480 | ---- | C] () -- D:\WINDOWS\System32\js32T.dll
[2006/02/28 05:00:00 | 000,053,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2006/02/09 02:20:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

========== LOP Check ==========

[2011/02/17 08:42:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2010/08/23 11:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/03 15:07:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DivoGames
[2010/08/15 01:46:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\f-secure
[2009/06/13 13:05:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\fssg
[2010/10/03 15:05:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HipSoft
[2011/02/17 11:35:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 20:44:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/25 18:45:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/06/14 11:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Speedbit
[2010/08/23 11:25:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/10/03 23:31:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 16:02:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2011/02/19 12:01:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DMCache
[2010/12/25 08:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\doctor
[2010/12/20 16:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Easy Macro Recorder
[2010/08/25 19:09:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\ElevatedDiagnostics
[2010/08/15 02:05:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\F-Secure
[2009/06/16 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2011/02/19 11:09:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\IDM
[2010/10/03 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/06/13 13:13:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2009/11/24 08:58:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\mjusbsp
[2010/12/19 07:48:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/06/14 06:25:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\SumatraPDF
[2011/01/02 09:56:19 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- D:\Documents and Settings\Administrator\Desktop\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () MD5=7EFD79D7D4094CF6D5B01BF830E8E183 -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/02/19 12:02:56 | 000,721,253 | ---- | M] () MD5=0062A72307A4C25DEB33C7AEA9C4A123 -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url
@Alternate Data Stream - 71 bytes -> D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe:FS_dl_url
@Alternate Data Stream - 68 bytes -> D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM:FS_dl_url
@Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe:FS_dl_url
@Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe:FS_dl_url
@Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.scr:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.exe:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.com:FS_dl_url
@Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.scr:FS_dl_url
@Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.com:FS_dl_url
@Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\explorer.exe:FS_dl_url
@Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Administrator\Desktop\OTL(6).exe:FS_dl_url
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe:FS_dl_url

< End of report >

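The "< MD5 for: ... >" blocks in the log above are how the helper checks whether the copies of explorer.exe, userinit.exe and winlogon.exe that Windows actually loads still match the Service Pack reference copies. As an added example (not part of the thread or of OTL itself), this Python script parses those blocks from the posted log, uses the ServicePackFiles copy as the reference, and flags any other copy whose hash differs; the "$NtServicePackUninstall$" copies are labelled separately because they are the pre-Service-Pack build and are expected to differ. A mismatch is a reason to look closer, not a verdict on its own.

```python
import re

# Constructed sample input: the '< MD5 for: ... >' blocks copied from the
# OTL log posted above (explorer.exe and userinit.exe only).
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- D:\Documents and Settings\Administrator\Desktop\explorer.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () MD5=7EFD79D7D4094CF6D5B01BF830E8E183 -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< End of report >
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL file line: [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)


def parse_md5_blocks(text):
    """Return {NAME: [entry, ...]} for every '< MD5 for: NAME >' block in an OTL log."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        if not line or current is None:
            continue  # blank separator, or text outside any MD5 block
        if line.startswith("<"):
            current = None  # a different custom-scan section (or end of report)
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            rec = entry.groupdict()
            rec["company"] = rec["company"].strip()  # OTL prints '()' for no company
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"].replace(",", ""))
            blocks[current].append(rec)
    return blocks


def assess(entries):
    """Label every copy of one file relative to the ServicePackFiles reference copy."""
    refs = [e for e in entries if "\\servicepackfiles\\" in e["path"].lower()]
    ref_md5 = refs[0]["md5"] if refs else None
    out = []
    for e in entries:
        p = e["path"].lower()
        if "\\servicepackfiles\\" in p:
            verdict = "reference"
        elif "$ntservicepackuninstall$" in p:
            verdict = "pre-SP backup"  # older build kept for SP rollback; differs by design
        elif ref_md5 is None:
            verdict = "no reference copy"  # nothing trustworthy to compare against
        elif e["md5"] == ref_md5:
            verdict = "matches reference"
        elif not e["company"]:
            verdict = "MISMATCH, no company name"
        else:
            verdict = "MISMATCH"
        out.append({"path": e["path"], "md5": e["md5"], "verdict": verdict})
    return out


def check_log(text):
    """Assess every MD5 block in the log; returns {NAME: [row, ...]}."""
    return {name: assess(entries) for name, entries in parse_md5_blocks(text).items()}


def flagged(report):
    """Sorted paths whose hash disagrees with the reference copy (worth a closer look)."""
    return sorted(r["path"] for rows in report.values()
                  for r in rows if r["verdict"].startswith("MISMATCH"))


if __name__ == "__main__":
    for name, rows in check_log(SAMPLE_LOG).items():
        print(name)
        for r in rows:
            print(f"  {r['verdict']:<26} {r['md5']}  {r['path']}")
```

On the posted log the copies under D:\WINDOWS and D:\WINDOWS\system32 match their reference copies, while the two Desktop copies carry no company name and different hashes, so they are the ones a reviewer would look at next.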

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Got it :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/02/17 12:43:44 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- D:\Documents and Settings\Administrator\Local Settings\Temp\LRRNRCKQ.exe -- (LRRNRCKQ)
    O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
    O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - No CLSID value found.
    O2 - BHO: (no name) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    [2009/11/24 08:58:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\mjusbsp

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I would then like to check out explorer..

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#34
Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok.. also, just realized.. I should have also attached this file.....

(FYI... I am working in safe mode /networking)

Edited by Matt633rle, 23 February 2011 - 04:22 PM.


#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, a little light reading whilst the fix is running :D

#36
Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Ok.. Ran OTL Quick Scan (in safe mode w/networking) after the reboot.... here is the file....

Continuing with ComboFix... brb

OTL logfile created on: 2/23/2011 3:29:54 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 132.34 Gb Total Space | 100.15 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 9.36 Gb Free Space | 29.26% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.31 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.08 Gb Free Space | 97.89% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 49.67 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive P: | 138.42 Gb Total Space | 53.54 Gb Free Space | 38.68% Space Free | Partition Type: NTFS

Computer Name: 500G | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VideoAcceleratorService)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_b9595b08-002a-4985-a11a-56836c85b324) LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d) LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d)
SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/09 02:35:40 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 02:33:14 | 000,522,848 | ---- | M] () [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/19 11:11:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/12/25 08:31:41 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010/12/25 08:31:04 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2010/12/23 12:09:44 | 000,096,600 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/15 01:52:20 | 000,041,256 | ---- | M] () [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/08/15 01:51:49 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/08/10 10:58:01 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/25 18:45:57 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/09 02:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- J:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 02:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 02:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 02:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 15:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2006/06/22 15:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 15:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 15:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 15:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 07:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/09/12 20:15:36 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/10 06:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/12/01 18:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-861567501-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.9.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: J:\Program Files\F-Secure Internet Security\NRS\[email protected] [2010/08/15 01:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/25 11:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: g:\Program Files\Fiddler2\FiddlerHook [2011/01/11 15:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/02/17 08:42:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/01/17 13:00:58 | 000,000,000 | ---D | M]

[2011/02/17 08:42:29 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/23 14:54:44 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions
[2011/02/17 10:32:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 11:57:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/06/17 04:23:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 15:47:39 | 000,000,000 | ---D | M] (FiddlerHook) -- G:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2009/06/16 11:21:38 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/17 04:24:02 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/08/15 01:46:21 | 000,000,000 | ---D | M] ("Browsing Protection") -- J:\PROGRAM FILES\F-SECURE INTERNET SECURITY\NRS\[email protected]

O1 HOSTS File: ([2011/02/23 15:25:22 | 000,000,098 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - g:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [F-Secure Manager] J:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] J:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NetWorx] D:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = G:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - G:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 15:25:20 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/02/23 15:23:42 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
[2011/02/23 14:56:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 13:04:33 | 000,000,000 | ---D | C] -- D:\RK_Quarantine
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/02/21 14:30:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2011/02/19 12:14:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/17 11:50:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/02/17 11:50:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/17 11:35:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/17 11:22:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/02/17 10:33:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/17 08:43:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2011/02/17 08:42:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/02/17 08:40:55 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\IETldCache
[2011/02/17 08:40:39 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\SendTo
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/02/17 08:40:39 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\Cookies
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Recent
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\PrintHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Favorites
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2011/02/16 08:47:57 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2011/02/12 06:15:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/12 06:15:17 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- D:\WINDOWS\System32\DolbyHph.dll
[2011/02/10 11:03:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\Profiles
[2011/02/02 10:07:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/02/02 10:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Program Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Logitech
[2011/01/25 07:47:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/01/25 07:47:30 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/02/23 15:27:24 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/02/23 15:27:08 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/02/23 15:25:22 | 000,000,098 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/23 15:24:32 | 000,000,302 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:24:32 | 000,000,294 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
[2011/02/23 15:22:29 | 004,270,215 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/02/23 14:56:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 14:42:47 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:15 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 12:54:18 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe
[2011/02/23 10:45:29 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/23 10:42:00 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
[2011/02/23 00:42:00 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
[2011/02/22 16:16:48 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:24:47 | 000,258,560 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:56 | 000,007,680 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 14:59:55 | 013,650,040 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 12:53:57 | 083,873,792 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:05:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:02:56 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:00:53 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:00:45 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:00:31 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:00:06 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 11:59:37 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/19 11:11:31 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 12:14:58 | 000,053,888 | ---- | M] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2011/02/17 08:43:21 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 08:43:02 | 000,000,618 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/13 12:10:06 | 000,212,880 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 15:57:45 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/02 10:07:02 | 000,001,891 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk

========== Files Created - No Company Name ==========

[2011/02/23 15:21:56 | 004,270,215 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/02/23 14:42:46 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 11:36:52 | 000,830,464 | ---- | C] () -- D:\RogueKiller.exe
[2011/02/22 10:32:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:32:10 | 000,258,560 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:53 | 000,007,680 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 15:03:57 | 013,650,040 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/21 14:27:49 | 083,873,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:14:06 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/17 11:35:36 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 10:32:18 | 000,000,302 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 10:32:18 | 000,000,294 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 08:43:02 | 000,000,618 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/17 08:40:39 | 000,001,599 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/17 08:40:39 | 000,000,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/02/16 07:32:54 | 000,000,730 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/10 11:04:46 | 000,038,796 | ---- | C] () -- D:\WINDOWS\System\Gidem___.ttf
[2011/02/10 11:04:46 | 000,033,140 | ---- | C] () -- D:\WINDOWS\System\Koinm___.ttf
[2011/02/10 11:04:46 | 000,001,321 | ---- | C] () -- D:\WINDOWS\System\Gidem___.fot
[2011/02/10 11:04:46 | 000,001,319 | ---- | C] () -- D:\WINDOWS\System\Koinm___.fot
[2011/02/02 10:13:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/02 10:13:48 | 000,022,334 | R--- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2011/02/02 10:13:48 | 000,004,770 | R--- | C] () -- D:\WINDOWS\System32\Repository.reg
[2011/02/02 10:07:02 | 000,001,891 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk
[2011/01/06 07:24:05 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/08/23 11:15:17 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/02 16:18:09 | 000,061,440 | R--- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2009/06/14 07:56:19 | 000,007,173 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 17:32:10 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/06/13 17:32:09 | 000,524,288 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/06/13 16:03:18 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/13 15:19:31 | 000,257,536 | ---- | C] () -- D:\WINDOWS\System32\hdkernel.dll
[2009/06/13 13:48:06 | 000,041,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2009/06/13 13:29:18 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009/06/13 12:44:05 | 000,014,848 | ---- | C] () -- D:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/13 12:44:05 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\epmntdrv.sys
[2009/06/13 12:44:05 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/13 05:44:05 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2006/07/17 11:11:36 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/23 08:36:58 | 000,532,480 | ---- | C] () -- D:\WINDOWS\System32\js32T.dll
[2006/02/28 05:00:00 | 000,053,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2006/02/09 02:20:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

========== LOP Check ==========

[2011/02/17 08:42:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2010/08/23 11:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/03 15:07:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DivoGames
[2010/08/15 01:46:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\f-secure
[2009/06/13 13:05:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\fssg
[2010/10/03 15:05:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HipSoft
[2011/02/17 11:35:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 20:44:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/25 18:45:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/06/14 11:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Speedbit
[2010/08/23 11:25:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/10/03 23:31:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 16:02:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2011/02/19 12:01:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DMCache
[2010/12/25 08:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\doctor
[2010/12/20 16:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Easy Macro Recorder
[2010/08/25 19:09:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\ElevatedDiagnostics
[2010/08/15 02:05:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\F-Secure
[2009/06/16 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2011/02/19 11:09:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\IDM
[2010/10/03 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/06/13 13:13:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2010/12/19 07:48:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/06/14 06:25:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\SumatraPDF
[2011/01/02 09:56:19 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url
@Alternate Data Stream - 71 bytes -> D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe:FS_dl_url
@Alternate Data Stream - 68 bytes -> D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM:FS_dl_url
@Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe:FS_dl_url
@Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe:FS_dl_url
@Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.scr:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.exe:FS_dl_url
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.com:FS_dl_url
@Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.scr:FS_dl_url
@Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.com:FS_dl_url
@Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\explorer.exe:FS_dl_url
@Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\ComboFix.exe:FS_dl_url
@Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Administrator\Desktop\OTL(7).exe:FS_dl_url
@Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Administrator\Desktop\OTL(6).exe:FS_dl_url
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe:FS_dl_url

< End of report >


#37
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Oh I forgot to say - you should be OK in normal mode now :D

#38
Matt633rle
    Member
  • Topic Starter
  • Member
  • 50 posts

Oh I forgot to say - you should be OK in normal mode now :D


Oh... well, I am in safe mode w/networking.. and I have started ComboFix... and it did detect my antivirus as "running".... I do not have any way of turning it off.. while in safe mode. So, I clicked on the "x" to close ComboFix... the next window "warning" came up: "The above real time scanner(s) are still active by ComboFix shall continue to run. Kindly note that this is at your own risk."

Well.. I did not press "ok" on the previous window.. I clicked the "X" to close it so I could go to normal mode... but, as you can see.. I am stuck.. How can I stop this program from proceeding?

Windows Task manager?

Edited by Matt633rle, 23 February 2011 - 04:42 PM.


#39
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Allow combofix to run - that is a standard warning in case the AV decides to remove parts of combofix. It will run quite happily in safe mode though. So just continue. Once it has run then go to normal mode and see what it looks like :D

#40
Matt633rle
    Member
  • Topic Starter
  • Member
  • 50 posts
ok..
#41
Matt633rle
    Member
  • Topic Starter
  • Member
  • 50 posts
ok.. ran ComboFix in normal mode.....

In reading this report, I am noticing the "D" drive... but I am not seeing anything for my "C" drive.

My thought:... when I 1st opened the virus... I did open it on my "D" drive.. and throughout all of this process...I have worked consistently with this drive.. during this post.

I never started my C: drive from the moment I knew I had the virus... (my thought was, if I didn't access my C drive.. maybe it would get onto that drive).

So, did it get on my C drive? and/or.. did we check/clean my C drive? I still have not accessed my C drive to check anything..

Edited by Matt633rle, 23 February 2011 - 05:36 PM.


#42
Matt633rle
    Member
  • Topic Starter
  • Member
  • 50 posts
Ok.. a new problem has arisen.... I restarted my computer.... and before, I had the option to select which drive I wanted to select....

Now what is happening: that screen "pops" up.. but immediately, the C: drive is being selected.... I no longer have the option to select which drive (manually).... it is as if the "timer for that screen".. is no longer "30 sec".. could the BIOS control this?... did this get changed with something your last program did?

#43
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
To reset the timer to 30 seconds do the following

Control panel > System > Advanced tab > System Recovery then tick 'time to display list of operating systems'. Set this value to 30 and hey presto your 30 second delay is back


Could you now start from C drive and post an OTL log for that so that I can check... It should not have transferred.. What problems is the D drive experiencing at the moment?

For C drive

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

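The /md5start block above asks OTL to hash explorer.exe, winlogon.exe, Userinit.exe and svchost.exe because those are the binaries a file infector most often patches, and the earlier log in this thread shows the other side of that coin: files named WiNlOgOn.exe, uSeRiNiT.exe and explorer.exe sitting on the Desktop, which are renamed copies of rkill/exeHelper rather than infections. The following Python is an added example written for this thread (not OTL's code, nor anything the helpers here posted) that reads OTL-style lines and produces a triage list: it flags a core Windows binary name outside the Windows directory, uses identical file size as a hint that it is a renamed copy of a known tool, checks that the O35/O37 exefile/comfile open handlers still carry the stock `"%1" %*`, and lists alternate data streams it cannot explain. The sample lines are constructed from the log's format; the hijacked comfile handler value is invented for demonstration and does not appear in the real log, and treating `FS_dl_url` streams as benign download-origin markers from the installed F-Secure product is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's line format, modelled on the entries in the log
# posted earlier in this thread. The comfile handler value is a constructed
# hijacked example (no such entry appears in the real log); the rest mirrors
# the log. Written for this thread; it is not OTL's own code.
SAMPLE_LOG = r"""
[2011/02/19 12:00:31 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:02:56 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 11:59:37 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\constructed\wrapper.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.exe:FS_dl_url
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
"""

# [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# O35/O37 - HKLM\..exefile [open] -- <command>   (the .exe/.com shell handlers)
HANDLER_RE = re.compile(r"^O3[57] - HKLM\\\.+(?P<key>\S+) \[[^\]]+\] -- (?P<cmd>.+)$")
# @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# The four binaries the /md5start block in the post above asks OTL to hash.
CORE_BINARIES = {"explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe"}
EXEC_EXT = (".exe", ".com", ".scr")
DEFAULT_OPEN_CMD = '"%1" %*'          # the stock exefile/comfile open command
# Assumption: FS_dl_url streams are download-origin markers left by the
# installed F-Secure product; in the log they sit only on downloaded tools.
KNOWN_BENIGN_STREAMS = {"FS_dl_url"}


def triage(log_text):
    """Return a list of findings (strings) for the OTL-style lines in log_text."""
    findings = []
    executables = []                      # (name, path, size)
    by_size = defaultdict(list)           # size -> names, to spot renamed copies
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1]
            if name.lower().endswith(EXEC_EXT):
                size = int(m.group("size").replace(",", ""))
                executables.append((name, path, size))
                by_size[size].append(name)
            continue
        m = HANDLER_RE.match(line)
        if m:
            if m.group("cmd") != DEFAULT_OPEN_CMD:
                findings.append(f"HIGH: {m.group('key')} open handler is not the default "
                                f"{DEFAULT_OPEN_CMD}: {m.group('cmd')}")
            continue
        m = ADS_RE.match(line)
        if m and m.group("stream") not in KNOWN_BENIGN_STREAMS:
            findings.append(f"REVIEW: unexplained alternate data stream ({m.group('size')} bytes) "
                            f"on {m.group('path')}:{m.group('stream')}")

    # A core Windows binary name living outside the Windows directory is either
    # malware borrowing the name or a helper tool renamed to get past malware
    # (the rkill/exeHelper copies in this thread). An identical size to a known
    # tool points to the latter; a hash comparison settles it either way.
    for name, path, size in executables:
        if name.lower() not in CORE_BINARIES:
            continue
        if re.search(r"\\windows\\", path, re.IGNORECASE):
            continue
        twins = sorted(n for n in by_size[size] if n.lower() != name.lower())
        hint = (f"same size as {', '.join(twins)}; probably a renamed copy of that tool, confirm by hash"
                if twins else "no same-size twin; treat as an unknown binary")
        findings.append(f"REVIEW: system binary name {name} outside the Windows directory ({path}); {hint}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports the constructed comfile hijack as HIGH, the three Desktop copies as REVIEW with rkill.exe / exeHelper.com named as their same-size twins, and the stream on the TEMP folder as unexplained; sbbd.exe under D:\WINDOWS and the FS_dl_url streams produce nothing. The size heuristic is only a pointer: the real decision is the MD5 comparison the /md5start block produces, which is why the post asks for those hashes.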

#44
Matt633rle
    Member
  • Topic Starter
  • Member
  • 50 posts
Sorry... I was unable to get online yesterday... back today...

My antivirus software company (F-secure) has gotten their software working properly & updated.. now.. on my system.


I will start drive C and run OTL as indicated..

Drive D "seems" to be running well... ran several programs, burned CD, not getting disconnected from the internet, F-secure seems to be working again... (these were all problems I had with the virus)

I haven't had any issues.. so I contacted F-secure this morning to get their software working properly on my system..... I am running their "virus/spyware scan" as we speak (which I could not do, before).

Looks like you did a FINE JOB.. mate... :D Let me finish up that scan.. will check out Drive C.. and brb ;):D

#45
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Glad to hear and let's hope that the C drive is clean :D