
Virus: Worm.Win32.NetSky 2/2011



#46
Matt633rle (Topic Starter, Member, 50 posts)

Glad to hear and let's hope that the C drive is clean :D

NOPE... hold on... I just did a restart.. and F-Secure window popped up "COULD NOT REMOVE VIRUS"..... at this point, because you are trying to make a record of your repairs for the future... do you want me to work with them or you?

I am using their software.. and running a "full computer scan".. (all drives + system + rootkits)... let's see what happens.. (haven't gotten to C drive yet)

Edited by Matt633rle, 25 February 2011 - 12:03 PM.



#47
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Did F-Secure state what it was? And what drive was it on? I feel it may be an MBR so let's run a quick check - do this before the OTL scan please. It should take no more than a minute or two.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Click the "Fix" in case of infection

Save the aswMBR.log to the desktop and post the reply

#48
Matt633rle

Ok....

Yes.. I saved a file of the viruses & malware (5 total).. I don't know yet.. which one their software could not remove. Will try to find out.

I figured I would run the "full scan" 1st and see if there was anything else.. anywhere else. I will upload both reports after this "full scan" completes..... may take an hour or so.. (I have apx 1Trig total on all drives).

I have not re-contacted them yet.. to let them know.. their software could not remove the virus. Be back in about an hour......

#49
Essexboy

OK - normally when an AV states it cannot remove the virus it usually points to a TDL type bootkit/rootkit

Although Combofix is usually quite good at finding those

#50
Matt633rle

Status Report.... I have been scanning for 7 hours now with F-Secure, it is aprx 1/3 through, the software has found 47 viruses, and scanned over 982,000 items so far....

Talk with you tomorrow.

#51
Essexboy

I thought you were a tad optimistic with 1 hour for terabytes of data as my 50Gb of data takes 20 minutes. Does F-Secure generate a report?

As it is a weekend I will be here on and off all day :D

#52
Matt633rle

Hahahaha.... Well... here are the 3 scans... this should be interesting...

Do you want me to continue with the previous procedures?


#53
Matt633rle

Here is the MBR.... report....


#54
Essexboy

A bit of overkill on the part of F-Secure there I feel as the following items it found are, to be kind, pointless

Quarantines - already dead
archives - pointless as it cannot read within archives
cookies - Hmm not a problem really
system restore - that will be cleared once you are happy and currently is only a threat if you do a system restore

ASWMbr is clear :D

Could you run an OTL scan please on each drive selecting the all users checkbox and then run scan, also what weirdness are you experiencing at the moment for each drive?

#55
Matt633rle

Not experiencing any "weirdness"... only, I don't trust that my system is cleaned out... nor, can I trust their antivirus/firewall anymore..
So, I don't know if my keystrokes or passwords or data are secure anymore....

They had me run.. disk cleanup... & turn off system restore before I ran the last scan/fix. So, system restore is off now.

Ok.. will run OTL... bbl


#56
Matt633rle

If I am on the D drive, running OTL.. all users.. will it automatically check "all the drives".. or do I need to go into C drive specifically and run OTL?

#57
Essexboy

That is bad policy to turn off system restore and they should know that. As a bad restore point is better than none. As it stands now you have no safety net if something should go wrong.

To ensure that you are keylogger proof I would recommend that you use Trusteer Rapport as an anti-keylogger. It can be used for any site that you visit even though its primary aim is for online banking

How long do you have remaining on your F-Secure licence?

Edit: Run them as separate drives please as each partition has its own registry

#58
Matt633rle

Ok.. here is the OTL for D drive... it did not produce an "extra.txt" report

License until 7/20/2011 - the $59 license covered 3 computers....

I turned system restore back on all drives .. before I ran OTL

OTL logfile created on: 2/26/2011 6:49:24 AM - Run 3
OTL by OldTimer - Version 3.2.21.0 Folder = D:\Documents and Settings\Renee Evans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 132.34 Gb Total Space | 99.95 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 10.94 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.33 Gb Free Space | 53.82% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.21 Gb Free Space | 97.98% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 51.03 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive P: | 138.42 Gb Total Space | 53.56 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive V: | 74.46 Gb Total Space | 11.58 Gb Free Space | 15.55% Space Free | Partition Type: NTFS

Computer Name: 500G | User Name: Renee Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 09:32:22 | 000,063,992 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2011/02/25 09:13:11 | 000,372,904 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2011/02/25 09:12:06 | 000,918,184 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2011/02/25 09:12:06 | 000,508,584 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2011/02/25 09:04:27 | 000,529,064 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2011/02/25 09:04:23 | 000,221,864 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2011/02/25 09:04:21 | 000,201,384 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSM32.EXE
PRC - [2011/02/25 09:04:21 | 000,189,096 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSMA32.EXE
PRC - [2011/02/25 09:04:21 | 000,090,792 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSHDLL32.EXE
PRC - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr
PRC - [2010/12/30 15:26:39 | 000,910,808 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/25 08:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- G:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/01/12 18:59:58 | 002,892,288 | ---- | M] (SoftPerfect Research) -- D:\Program Files\NetWorx\networx.exe
PRC - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 09:04:37 | 000,332,456 | ---- | M] (F-Secure Corporation) -- d:\Program Files\F-Secure\HIPS\fshook32.dll
MOD - [2011/02/25 09:04:33 | 000,258,728 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Spam Control\fsscoepl.dll
MOD - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VideoAcceleratorService)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_b9595b08-002a-4985-a11a-56836c85b324) LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d) LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d)
SRV - [2011/02/25 09:32:22 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- D:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/02/25 09:04:27 | 000,529,064 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/02/25 09:04:23 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/02/25 09:04:21 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- D:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2008/04/13 17:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/02/25 09:15:29 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011/02/25 09:13:00 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/02/25 09:04:37 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- D:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011/02/25 09:04:27 | 000,082,824 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/02/25 09:04:23 | 000,041,896 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2011/02/25 09:04:23 | 000,027,304 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2011/02/19 11:11:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/12/25 08:31:41 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010/12/25 08:31:04 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2010/12/23 12:09:44 | 000,096,600 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/10 10:58:01 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/25 18:45:57 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 15:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2006/06/22 15:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 15:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 15:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 15:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 07:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/09/12 20:15:36 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/10 06:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/12/01 18:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1078081533-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.9
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.7
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: g:\Program Files\Fiddler2\FiddlerHook [2011/01/11 15:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/23 17:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\F-Secure\NRS\[email protected] [2011/02/25 09:15:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/02/23 17:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/02/26 03:37:42 | 000,000,000 | ---D | M]

[2009/06/13 13:03:12 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions
[2011/02/25 09:11:40 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions
[2010/09/27 14:46:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/27 14:46:49 | 000,000,000 | ---D | M] (FEBE) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/06/13 14:26:31 | 000,000,000 | ---D | M] (IE Tab) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/08/25 11:42:21 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/02/25 07:20:39 | 000,000,000 | ---D | M] (Extended Statusbar) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2011/02/25 07:20:08 | 000,000,000 | ---D | M] (DownThemAll!) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/27 14:46:45 | 000,000,000 | ---D | M] (Cache Status) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\[email protected]
[2010/12/05 16:56:55 | 000,000,000 | ---D | M] (gTranslator) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\[email protected]
[2009/06/14 11:40:25 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\[email protected]
[2011/02/25 07:20:39 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\[email protected]
[2011/01/25 10:03:46 | 000,001,828 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\searchplugins\bing.xml
[2010/12/23 18:03:11 | 000,000,000 | ---D | M] (IDM CC) -- D:\DOCUMENTS AND SETTINGS\RENEE EVANS\APPLICATION DATA\IDM\IDMMZCC3
[2011/02/25 09:15:24 | 000,000,000 | ---D | M] ("Browsing Protection") -- D:\PROGRAM FILES\F-SECURE\NRS\[email protected]
[2009/06/17 04:23:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 15:47:39 | 000,000,000 | ---D | M] (FiddlerHook) -- G:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2009/06/16 11:21:38 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/17 04:24:02 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/02/23 16:03:07 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - D:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - D:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - g:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [F-Secure Manager] D:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] D:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NetWorx] D:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - G:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - G:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 06:44:17 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/26 06:15:56 | 000,548,352 | ---- | C] (AVAST Software) -- D:\Documents and Settings\Renee Evans\Desktop\aswMBR.exe
[2011/02/26 03:38:18 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/25 21:19:51 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Renee Evans\Recent
[2011/02/25 21:15:08 | 000,000,000 | ---D | C] -- D:\Inetpub
[2011/02/25 20:24:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI2B7.tmp
[2011/02/25 20:17:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI2B6.tmp
[2011/02/25 09:09:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\F-Secure Internet Security 2011
[2011/02/25 09:04:56 | 000,082,824 | ---- | C] (F-Secure Corporation) -- D:\WINDOWS\System32\drivers\fsdfw.sys
[2011/02/25 09:04:20 | 000,000,000 | ---D | C] -- D:\Program Files\F-Secure
[2011/02/25 08:40:18 | 056,474,104 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fs2011.exe
[2011/02/25 08:18:17 | 000,751,056 | ---- | C] (F-Secure® Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\UninstallationTool.exe
[2011/02/25 07:54:16 | 000,917,680 | ---- | C] (LogMeIn, Inc.) -- D:\Documents and Settings\Renee Evans\Desktop\Support-LogMeInRescue.exe
[2011/02/25 07:02:16 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Media Connect 2
[2011/02/23 17:41:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\xing shared
[2011/02/23 17:40:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/02/23 17:40:50 | 000,000,000 | ---D | C] -- D:\Program Files\real
[2011/02/23 17:29:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/02/23 16:25:12 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/02/23 15:53:57 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2011/02/23 15:53:57 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2011/02/23 15:53:57 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2011/02/23 15:53:57 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2011/02/23 15:45:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2011/02/23 15:35:59 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/02/23 15:25:20 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/02/23 13:04:33 | 000,000,000 | ---D | C] -- D:\RK_Quarantine
[2011/02/23 10:48:04 | 000,199,280 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe
[2011/02/22 16:20:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee Evans\Application Data\Malwarebytes
[2011/02/22 16:19:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/21 14:30:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2011/02/17 11:50:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/17 11:35:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/16 18:13:58 | 116,540,384 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fseasyclean.exe
[2011/02/16 08:47:57 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2011/02/12 16:01:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee Evans\My Documents\My Downloads
[2011/02/12 06:15:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/12 06:15:17 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- D:\WINDOWS\System32\DolbyHph.dll
[2011/02/10 11:04:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee Evans\Start Menu\Programs\AGES Software
[2011/02/10 11:03:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\Profiles
[2011/02/02 10:07:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/02/02 10:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Program Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Logitech
[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/26 06:42:00 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
[2011/02/26 06:18:34 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\MBR.dat
[2011/02/26 06:16:14 | 000,548,352 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Renee Evans\Desktop\aswMBR.exe
[2011/02/26 05:55:17 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/02/26 05:53:50 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/26 05:53:48 | 000,000,294 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/26 05:53:35 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/02/26 05:53:33 | 000,212,880 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/26 05:53:32 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/26 03:39:05 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2011/02/26 00:47:04 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
[2011/02/25 21:22:31 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_212228.reg
[2011/02/25 21:19:03 | 000,031,334 | ---- | M] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_211859.reg
[2011/02/25 20:25:43 | 000,917,680 | ---- | M] (LogMeIn, Inc.) -- D:\Documents and Settings\Renee Evans\Desktop\Support-LogMeInRescue.exe
[2011/02/25 09:15:29 | 000,042,664 | ---- | M] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/25 09:09:22 | 000,000,880 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk
[2011/02/25 09:04:57 | 000,465,412 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/02/25 09:04:57 | 000,081,636 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/02/25 09:04:27 | 000,082,824 | ---- | M] (F-Secure Corporation) -- D:\WINDOWS\System32\drivers\fsdfw.sys
[2011/02/25 08:48:17 | 056,474,104 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fs2011.exe
[2011/02/25 08:18:25 | 000,751,056 | ---- | M] (F-Secure® Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\UninstallationTool.exe
[2011/02/25 07:56:54 | 000,000,104 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/02/25 07:02:27 | 000,000,804 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/25 07:02:25 | 000,023,392 | ---- | M] () -- D:\WINDOWS\System32\nscompat.tlb
[2011/02/25 07:02:25 | 000,016,832 | ---- | M] () -- D:\WINDOWS\System32\amcompat.tlb
[2011/02/25 07:01:16 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2011/02/25 06:46:42 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/23 17:41:09 | 000,000,747 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/02/23 17:40:54 | 000,272,896 | ---- | M] (Progressive Networks) -- D:\WINDOWS\System32\pncrt.dll
[2011/02/23 17:06:37 | 000,088,535 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\FSecure-1.jpg
[2011/02/23 16:03:07 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/02/23 15:48:19 | 000,000,302 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:46:30 | 004,273,912 | R--- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\ComboFix.exe
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe
[2011/02/23 10:23:22 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2011/02/23 10:23:05 | 000,000,777 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to revouninstaller.lnk
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/21 14:30:27 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 12:05:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 11:11:31 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 11:11:16 | 006,347,584 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\HitmanPro35_2.exe
[2011/02/17 08:43:21 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 08:04:54 | 000,199,280 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe
[2011/02/16 18:30:40 | 116,540,384 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fseasyclean.exe
[2011/02/16 08:28:10 | 000,051,324 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_082806.jpg
[2011/02/16 08:01:55 | 000,138,152 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080153.jpg
[2011/02/16 08:01:13 | 000,123,300 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080106.jpg
[2011/02/16 08:00:16 | 000,123,251 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080004.jpg
[2011/02/15 14:31:04 | 000,000,473 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to Spiritual Teaching.lnk
[2011/02/12 16:05:19 | 000,000,688 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS DVD Copy.lnk
[2011/02/12 06:12:23 | 021,255,343 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Nvidia_PureVideo_Platinum_v1.02.233_vijax.rar
[2011/02/12 06:04:33 | 000,000,744 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Video Converter.lnk
[2011/02/12 06:03:08 | 000,000,841 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Media Player.lnk
[2011/02/11 15:53:36 | 003,253,501 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Title.jpg
[2011/02/10 11:05:01 | 000,000,449 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 2 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:53 | 000,000,431 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 1 - Master Christian Library 8.0.lnk
[2011/02/09 10:19:39 | 682,365,822 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Sov of God Pt 5.avi
[2011/02/08 14:04:57 | 1276,876,332 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Sovereignty of God - pt 1.avi
[2011/02/07 14:28:02 | 403,460,850 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Truth.avi
[2011/02/02 10:07:02 | 000,001,891 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech QuickCam 10.0.lnk
[2011/02/01 14:56:51 | 000,002,105 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/01/31 13:03:23 | 1287,731,342 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\HGCHS 02-Free Will-Election.avi
[2011/01/30 05:57:01 | 000,000,725 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to AVSVideoEditor.lnk
[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/26 06:18:34 | 000,000,512 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\MBR.dat
[2011/02/26 03:09:12 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK
[2011/02/25 21:22:29 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_212228.reg
[2011/02/25 21:19:02 | 000,031,334 | ---- | C] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_211859.reg
[2011/02/25 09:09:22 | 000,000,880 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk
[2011/02/25 07:56:54 | 000,000,104 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/02/23 17:41:09 | 000,000,747 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/02/23 17:06:37 | 000,088,535 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\FSecure-1.jpg
[2011/02/23 15:53:57 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2011/02/23 15:53:57 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2011/02/23 15:53:57 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2011/02/23 15:53:57 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2011/02/23 15:53:57 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2011/02/23 15:21:56 | 004,273,912 | R--- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\ComboFix.exe
[2011/02/23 11:36:52 | 000,830,464 | ---- | C] () -- D:\RogueKiller.exe
[2011/02/23 10:23:05 | 000,000,777 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to revouninstaller.lnk
[2011/02/21 14:30:27 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 11:09:57 | 006,347,584 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\HitmanPro35_2.exe
[2011/02/17 11:35:36 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 10:32:18 | 000,000,302 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 10:32:18 | 000,000,294 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/16 08:28:10 | 000,051,324 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_082806.jpg
[2011/02/16 08:01:55 | 000,138,152 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080153.jpg
[2011/02/16 08:01:13 | 000,123,300 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080106.jpg
[2011/02/16 08:00:16 | 000,123,251 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080004.jpg
[2011/02/12 16:05:19 | 000,000,688 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS DVD Copy.lnk
[2011/02/12 06:09:17 | 021,255,343 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Nvidia_PureVideo_Platinum_v1.02.233_vijax.rar
[2011/02/12 06:04:33 | 000,000,744 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Video Converter.lnk
[2011/02/12 06:03:08 | 000,000,841 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Media Player.lnk
[2011/02/11 15:53:40 | 003,253,501 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Title.jpg
[2011/02/10 11:05:01 | 000,000,449 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 2 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:53 | 000,000,431 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 1 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:46 | 000,038,796 | ---- | C] () -- D:\WINDOWS\System\Gidem___.ttf
[2011/02/10 11:04:46 | 000,033,140 | ---- | C] () -- D:\WINDOWS\System\Koinm___.ttf
[2011/02/10 11:04:46 | 000,001,321 | ---- | C] () -- D:\WINDOWS\System\Gidem___.fot
[2011/02/10 11:04:46 | 000,001,319 | ---- | C] () -- D:\WINDOWS\System\Koinm___.fot
[2011/02/09 09:08:14 | 682,365,822 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Sov of God Pt 5.avi
[2011/02/08 11:56:12 | 1276,876,332 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Sovereignty of God - pt 1.avi
[2011/02/07 13:42:13 | 403,460,850 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Truth.avi
[2011/02/02 10:13:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/02 10:13:48 | 000,022,334 | R--- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2011/02/02 10:13:48 | 000,004,770 | R--- | C] () -- D:\WINDOWS\System32\Repository.reg
[2011/02/02 10:07:02 | 000,001,891 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech QuickCam 10.0.lnk
[2011/01/31 11:26:43 | 1287,731,342 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\HGCHS 02-Free Will-Election.avi
[2011/01/30 05:57:01 | 000,000,725 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to AVSVideoEditor.lnk
[2011/01/06 07:24:05 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/08/23 11:15:17 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/10 10:58:01 | 000,697,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/02 16:18:09 | 000,061,440 | R--- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2009/06/14 07:56:19 | 000,007,173 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 21:48:36 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2009/06/13 17:32:10 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/06/13 17:32:09 | 000,524,288 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/06/13 16:03:18 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/13 15:19:31 | 000,257,536 | ---- | C] () -- D:\WINDOWS\System32\hdkernel.dll
[2009/06/13 13:48:06 | 000,042,664 | ---- | C] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2009/06/13 13:29:18 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009/06/13 12:44:05 | 000,014,848 | ---- | C] () -- D:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/13 12:44:05 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\epmntdrv.sys
[2009/06/13 12:44:05 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/13 12:37:04 | 000,027,136 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 05:44:05 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2006/07/17 11:11:36 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/23 08:36:58 | 000,532,480 | ---- | C] () -- D:\WINDOWS\System32\js32T.dll
[2006/02/09 02:20:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

========== LOP Check ==========

[2010/08/23 11:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/03 15:07:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DivoGames
[2011/02/25 09:04:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\f-secure
[2011/02/25 09:03:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\fssg
[2010/10/03 15:05:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HipSoft
[2011/02/17 11:35:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 20:44:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/25 18:45:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/06/14 11:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Speedbit
[2010/08/23 11:25:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/10/03 23:31:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 16:02:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2011/02/26 06:17:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DMCache
[2010/12/25 08:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\doctor
[2010/12/20 16:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Easy Macro Recorder
[2010/08/25 19:09:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\ElevatedDiagnostics
[2009/06/16 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2011/02/24 03:02:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\IDM
[2010/10/03 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/06/13 13:13:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2010/12/19 07:48:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/06/14 06:25:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\SumatraPDF
[2011/01/02 09:56:19 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- D:\Documents and Settings\Administrator\Desktop\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url
@Alternate Data Stream - 64 bytes -> D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe:FS_dl_url
@Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url
@Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\explorer.exe:FS_dl_url
@Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Renee Evans\Desktop\OTL.scr:FS_dl_url
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe:FS_dl_url

< End of report >



Edited by Essexboy, 26 February 2011 - 08:05 AM.


#59
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove my bits and bobs from the D drive, as that looks good. I will do the full cleanup for both drives from C once I am happy that that one is OK.

Run OTL on D drive
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/26 06:18:34 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\MBR.dat
    [2011/02/26 06:16:14 | 000,548,352 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Renee Evans\Desktop\aswMBR.exe
    [2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Then

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: N.b. If used

ComboFix /Uninstall

#60
Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
OTL from the C drive:

OTL logfile created on: 2/26/2011 7:10:25 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Renee Evans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): H:\pagefile.sys 0 0O:\pagefile.sys 7678 7678 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.34 Gb Total Space | 99.90 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive F: | 9.90 Gb Total Space | 5.33 Gb Free Space | 53.82% Space Free | Partition Type: NTFS
Drive G: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive H: | 32.00 Gb Total Space | 9.92 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
Drive I: | 137.99 Gb Total Space | 135.21 Gb Free Space | 97.98% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 51.03 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive K: | 138.42 Gb Total Space | 53.56 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive R: | 74.46 Gb Total Space | 11.58 Gb Free Space | 15.55% Space Free | Partition Type: NTFS

Computer Name: 160G | User Name: Renee Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
PRC - [2010/08/12 10:06:40 | 000,709,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2010/08/12 10:06:40 | 000,496,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2010/07/24 10:24:29 | 000,057,008 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
PRC - [2010/07/20 15:36:13 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2010/01/12 18:59:58 | 002,892,288 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2009/12/22 10:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/14 05:05:26 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2009/07/09 02:34:54 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
PRC - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009/07/09 02:34:52 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
PRC - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
MOD - [2009/07/09 02:34:16 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure internet security\hips\fshook32.dll
MOD - [2009/03/26 06:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008/04/13 17:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 17:12:06 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\softkbd.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 09:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (prtgwatchservice)
SRV - File not found [Disabled | Stopped] -- -- (PRTGService)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - [2010/07/30 12:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/24 10:24:29 | 000,057,008 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/10/14 05:05:26 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/05/12 14:12:14 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/08/12 10:07:33 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/07/20 15:36:48 | 000,041,256 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/03 15:45:11 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/09 02:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 02:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 02:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 02:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/20 18:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 18:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112)
DRV - [2008/07/30 20:48:28 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/25 14:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/04/05 10:55:16 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/12/17 16:23:04 | 000,005,248 | --S- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigimHID.SYS -- (DigimHID)
DRV - [2006/09/14 05:25:38 | 000,059,184 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ShdUsbWdm.sys -- (ShUsbDrv)
DRV - [2006/02/28 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2005/12/09 01:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/21 18:28:30 | 000,209,536 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\m5288.sys -- (m5288)
DRV - [2005/07/01 15:48:42 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2005/06/19 23:47:58 | 000,006,016 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\ALLOW-IO.sys -- (ALLOW-IO)
DRV - [2005/06/02 18:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 17:53:06 | 000,009,673 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliGP.sys -- (aligp)
DRV - [2005/06/02 17:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/03/10 07:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 00:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2004/11/17 19:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/01 16:44:00 | 000,031,744 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdSX.sys -- (ICDSX) Sony IC Recorder (SX)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.64.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\F-Secure Internet Security\NRS\[email protected] [2010/07/24 10:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/02/23 17:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/02/26 03:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 12:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 04:26:00 | 000,000,000 | ---D | M]

[2008/09/23 13:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions
[2008/09/23 13:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/02/26 07:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions
[2009/06/28 22:46:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 04:45:14 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/12/12 12:26:03 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/01/15 19:26:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/05 07:04:11 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/13 03:59:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/22 14:25:11 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/01/13 03:59:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/05/15 11:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}-trash
[2009/04/29 06:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\[email protected]
[2010/01/13 04:00:19 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\[email protected]
[2010/01/13 04:00:19 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\[email protected]
[2010/06/14 14:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions
[2009/12/29 18:51:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 10:56:54 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/02 15:18:55 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/13 16:13:48 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/19 04:09:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/13 16:48:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/08 04:01:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/14 10:56:54 | 000,000,000 | ---D | M] ("BetterCache") -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{f8454bbe-519f-4004-85c1-12d1b31988fc}
[2010/01/08 04:01:44 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\[email protected]
[2010/01/14 08:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions
[2010/01/14 08:29:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 08:29:51 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/01/14 08:29:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/14 08:29:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/14 08:29:46 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/01/14 08:29:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/14 08:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}-trash
[2010/01/14 08:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\[email protected]
[2010/01/14 08:29:52 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\[email protected]
[2010/01/14 08:29:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\[email protected]
[2010/08/09 04:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/06 16:01:20 | 000,000,000 | ---D | M] (EvonyNet Toolbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{36a4bdcd-d5b5-4618-b144-e335d0f3d381}
[2010/05/02 18:46:07 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/16 06:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{94000a61-af9a-4247-8db6-a949fadb0354}-trash
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/24 11:16:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/09 04:25:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/09 00:08:55 | 000,000,000 | ---D | M] (IDM CC) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\[email protected]
[2010/05/02 17:49:13 | 000,000,000 | ---D | M] (MM3-ProxySwitch) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\[email protected]
[2010/01/20 04:55:22 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\[email protected]
[2008/06/24 15:16:26 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\askcom.xml
[2008/01/09 08:35:19 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\businesscom.xml
[2008/05/27 13:07:57 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\live-search.xml
[2010/07/30 05:40:58 | 000,002,084 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\serpanalytics-google-search.xml
[2010/08/09 04:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 00:14:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\RENEE EVANS\APPLICATION DATA\IDM\IDMMZCC3
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/09 11:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2008/07/31 10:29:00 | 000,257,517 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8953 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/05 14:44:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Renee Evans\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/01 11:18:30 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\..Trusted Domains: serpanalytics.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Renee Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Renee Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0386a384-0772-11dc-ad94-00195b6a3344}\Shell - "" = AutoRun
O33 - MountPoints2\{0386a384-0772-11dc-ad94-00195b6a3344}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{496e80d2-ba6d-11da-929c-81559637d98e}\Shell - "" = AutoRun
O33 - MountPoints2\{496e80d2-ba6d-11da-929c-81559637d98e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun\command - "" = S:\autorun.exe
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\phone\command - "" = S:\autorun.exe
O33 - MountPoints2\{926d5317-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\S\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\autorun.exe
O33 - MountPoints2\S\Shell\phone\command - "" = S:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (native.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 07:06:59 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/23 15:57:03 | 000,000,000 | R--D | C] -- C:\cmdcons
[2011/02/23 13:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/22 13:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 14:28:24 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2009/06/29 13:47:20 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Renee Evans\Application Data\tsdnwin.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/26 07:06:18 | 000,675,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/26 07:06:17 | 000,167,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/26 07:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/26 07:02:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/25 10:46:18 | 000,000,556 | RHS- | M] () -- C:\boot.ini
[2011/02/22 13:34:08 | 000,000,616 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/17 12:26:09 | 000,000,439 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/23 15:57:14 | 000,000,439 | ---- | C] () -- C:\Boot.bak
[2011/02/23 15:57:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/08 20:53:20 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/26 14:27:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eubakup.sys
[2010/04/29 07:22:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\idmmbc.dll
[2010/01/12 14:43:19 | 000,397,819 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\farm.bmp
[2010/01/12 14:26:51 | 000,009,283 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\settings.dat
[2009/07/30 16:25:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/30 16:25:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/30 16:23:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/30 16:23:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/30 16:23:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/07/07 10:53:41 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\burnaware.ini
[2009/06/13 05:08:47 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\hdkernel.dll
[2009/06/12 19:37:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/06 07:39:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/06 07:39:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/06/06 07:39:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/05/19 08:59:52 | 000,041,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/05/13 10:36:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/05/11 12:10:39 | 000,000,264 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/05/02 15:03:48 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/03/22 07:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2009/03/22 07:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/22 07:16:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/22 06:43:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\Frameworks
[2009/03/07 09:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DllInfs.INI
[2009/03/07 09:46:57 | 000,291,328 | ---- | C] () -- C:\WINDOWS\System32\o2pse.dll
[2009/02/19 15:44:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/02/12 22:19:07 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/02/12 22:19:07 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4C1564358.sys
[2009/01/30 18:14:08 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/11/29 13:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2008/11/29 09:42:01 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\default.rss
[2008/11/28 05:31:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/30 07:02:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/09/30 07:02:19 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/09/30 05:13:07 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_InstantShareJPG.log
[2008/09/30 05:01:59 | 000,003,721 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/07/21 04:51:37 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
[2008/07/21 04:51:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
[2008/07/21 04:51:36 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
[2008/07/21 04:51:36 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
[2008/07/21 04:51:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
[2008/07/21 04:51:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
[2008/07/21 04:51:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
[2008/07/21 04:51:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
[2008/07/21 04:51:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/18 07:49:04 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 16:36:26 | 000,126,976 | R--- | C] () -- C:\WINDOWS\ShdPci.dll
[2007/10/22 16:36:25 | 000,114,688 | R--- | C] () -- C:\WINDOWS\ShdUsb.dll
[2007/10/22 16:36:17 | 000,059,184 | R--- | C] () -- C:\WINDOWS\System32\drivers\ShdUsbWdm.sys
[2007/10/19 08:23:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2007/10/19 08:21:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2007/10/19 08:19:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2007/10/19 08:15:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mousehook.dll
[2007/10/16 16:09:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/26 10:42:58 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\fusioncache.dat
[2007/09/09 23:12:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/09/09 23:10:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/08/14 06:09:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007/07/31 01:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2007/07/30 17:11:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/30 17:02:25 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/07/30 17:02:25 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2007/06/18 11:46:50 | 000,000,313 | ---- | C] () -- C:\WINDOWS\paper2pdf.INI
[2007/06/11 22:43:09 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Config.ini
[2007/06/07 12:54:19 | 000,393,290 | R--- | C] () -- C:\WINDOWS\bmputil.dll
[2007/06/07 12:54:19 | 000,159,744 | R--- | C] () -- C:\WINDOWS\IsdnNet.dll
[2007/06/07 12:54:18 | 000,176,128 | R--- | C] () -- C:\WINDOWS\IsdnUser.dll
[2007/06/07 12:54:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\MmfServer.dll
[2007/06/07 12:54:17 | 000,045,056 | R--- | C] () -- C:\WINDOWS\mtp3.dll
[2007/06/07 12:54:17 | 000,032,768 | R--- | C] () -- C:\WINDOWS\macmcvt.dll
[2007/06/07 12:54:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\SCCP.dll
[2007/06/07 12:54:15 | 000,032,768 | R--- | C] () -- C:\WINDOWS\shinitpci.dll
[2007/06/07 12:54:14 | 000,954,368 | R--- | C] () -- C:\WINDOWS\SHP_A3.dll
[2007/06/07 12:54:13 | 000,094,271 | R--- | C] () -- C:\WINDOWS\ShReco.dll
[2007/06/07 12:54:12 | 000,167,936 | R--- | C] () -- C:\WINDOWS\Ss7Server.dll
[2007/06/07 12:54:12 | 000,102,400 | R--- | C] () -- C:\WINDOWS\tCAP.dll
[2007/06/07 12:54:11 | 000,114,688 | R--- | C] () -- C:\WINDOWS\tcpServer.dll
[2007/05/17 16:54:07 | 000,000,220 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2007/05/16 01:04:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/05/13 09:36:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2397274F65.sys
[2007/05/13 09:29:10 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/23 10:28:27 | 000,001,391 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/04/23 10:28:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/04/23 10:28:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/03/24 03:10:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/03/23 21:26:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/03/23 21:24:28 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/03/23 21:23:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/03/23 21:23:44 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/23 21:22:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/23 09:36:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\js32T.dll
[2006/03/23 07:36:59 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/23 06:56:54 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/03/23 05:41:59 | 000,041,469 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/22 21:35:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/25 07:02:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/25 07:02:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/25 07:02:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/25 07:02:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/25 07:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/25 07:02:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/04/18 08:42:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\see32.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/03/25 08:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acoustica
[2006/03/23 05:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/06/01 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.dacons.mail.it
[2007/09/22 07:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2007/06/17 11:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pixmantec
[2007/06/19 09:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2007/10/16 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/05/20 10:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2008/02/04 11:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/09/27 16:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2009/03/08 12:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/05/19 09:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/11/20 11:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2010/01/10 08:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/18 02:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/05/19 08:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/11/12 16:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/09/24 17:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/11/08 15:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/06/10 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/12/03 09:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009/03/14 19:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro
[2010/04/01 15:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/07/06 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2009/08/09 05:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/01/01 11:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/05 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmallFunFarkle
[2010/07/25 16:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2008/11/22 15:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/07/05 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2009/05/19 09:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/08/08 20:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/09 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/01/30 09:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/08/08 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2009/07/31 17:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danyell Scott\Application Data\Orbit
[2009/07/31 17:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\F-Secure
[2009/08/01 11:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\Orbit
[2009/07/31 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan Scott\Application Data\Orbit
[2009/05/20 10:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Acoustica
[2009/05/11 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\aignes
[2009/07/06 16:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Ashampoo
[2008/12/30 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\bang
[2009/07/30 06:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Clone2Go Video Converter Free Version
[2010/08/08 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\CloneSpy
[2009/04/24 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\deskUNPDF
[2009/11/16 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2010/08/09 00:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DMCache
[2009/09/25 05:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\F-Secure
[2010/01/23 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Farming Extreme
[2008/09/30 09:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/06/26 03:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2009/02/05 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GarageGames
[2009/02/10 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GrabPro
[2009/06/17 23:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\gtk-2.0
[2010/08/09 00:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IDM
[2009/07/08 15:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ImgBurn
[2008/12/10 11:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IrfanView
[2009/08/03 16:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ISP Monitor
[2009/12/25 12:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/02/09 16:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\LimeWire
[2009/05/13 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2009/12/11 15:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\mjusbsp
[2010/08/08 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Movienizer
[2009/06/13 06:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Moyea
[2009/02/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\muvee Technologies
[2009/03/22 06:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Nikon
[2009/05/18 10:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\OfficeUpdate12
[2009/07/05 08:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Opera
[2009/12/06 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/02/11 09:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Participatory Culture Foundation
[2009/05/09 15:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PCF-VLC
[2009/02/10 02:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PPMate
[2009/04/28 05:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SanDisk
[2008/11/07 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SmartDraw
[2009/03/13 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony
[2009/03/13 16:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony Setup
[2010/06/15 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SystemRequirementsLab
[2010/05/02 18:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\TS3Client
[2010/08/08 20:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\UNOUndercover
[2009/03/08 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Windows Search
[2008/08/02 20:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\WinPatrol
[2010/08/08 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\X-Setup Pro
[2009/11/14 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\YoudaGames
[2010/07/25 01:43:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/28 15:04:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/07/24 05:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2002/07/24 05:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 37 bytes -> C:\Documents and Settings\Renee Evans\Desktop\OTL.scr:FS_dl_url
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEB1746D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2892D9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43C9D140
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
