Malware has taken over my computer, stopped it from booting (OTL log i



#1
Sakhalinskii

Earlier today, I noticed a bunch of oddly named programs were coming up on Windows Defender (which I didn't even know I had) asking permission to access the internet. I don't remember any of the names, sorry, and I might have clicked 'allow' for at least one. Before I knew it, a message came up saying something like 'your computer has the maximum number of secrets allowed', the windows I had open seized up, and no program (I tried Malwarebytes) would initialise, and when I pulled the USB cord connected to my 1TB external hard drive out, the screen went black and I had to turn it off. Now, whenever I try to boot to Windows, it says "update to dmi" or 'verifying dmi pool' and doesn't get any further. I tried the steps to do a manual system restore outlined on this site:
http://community.spi...how_to/show/214
But it didn't do anything. So I used my copy of reatogo, booted it and did a full OTL scan, here it is:


OTL logfile created on: 9/24/2011 2:41:47 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 18.04 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 20.46 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/07/06 15:32:04 | 000,014,088 | ---- | M] (Memeo) [Auto] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/29 11:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/07/23 15:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/10/19 21:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpt3xx)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/10/01 17:46:03 | 000,003,968 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FRIdrv.sys -- (FRIdrv)
DRV - [2009/09/11 17:17:15 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009/05/22 19:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/13 17:56:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder Audio Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/07/09 21:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/31 02:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/28 05:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/05/11 01:11:00 | 000,472,096 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2005/12/11 14:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 04:01:10 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 04:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 04:01:08 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 04:01:08 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 02:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/04 02:20:08 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/04 02:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:15:54 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 02:15:22 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 02:15:18 | 000,451,456 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2004/08/04 02:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/04 02:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/04 02:14:46 | 000,336,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2004/08/04 02:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2004/08/04 02:14:38 | 000,162,816 | ---- | M] (Корпорация Майкрософт) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 02:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 02:14:32 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 02:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 02:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 02:14:28 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 02:14:24 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 02:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 02:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/04 02:14:12 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 02:10:30 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2004/08/04 02:10:22 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2004/08/04 02:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2004/08/04 02:10:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2004/08/04 02:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2004/08/04 02:10:14 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2004/08/04 02:10:12 | 000,078,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2004/08/04 02:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/04 02:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:38 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 02:08:06 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 02:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/04 02:07:48 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 02:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 02:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/04 02:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 02:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 02:07:18 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 02:07:18 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 02:07:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 02:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/04 02:05:08 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 02:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 02:04:58 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 02:04:52 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 02:04:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 02:04:20 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 02:04:14 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 02:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 02:03:14 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 02:01:20 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2004/08/04 02:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 02:00:58 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/04 02:00:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 02:00:44 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 02:00:42 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 02:00:32 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 02:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 02:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 02:00:14 | 000,263,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/04 02:00:08 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2004/08/04 01:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 01:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 01:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 01:59:48 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/04 01:59:28 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 01:59:28 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 01:59:18 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 01:59:08 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 01:59:08 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/04 01:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 01:58:42 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 01:58:40 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2004/08/04 01:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/04 01:58:34 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 01:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 01:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 01:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 01:58:32 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 01:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/03 11:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2004/08/01 11:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2001/08/23 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 08:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2001/08/23 08:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/23 08:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2001/08/23 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2001/08/23 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/23 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 08:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2001/08/23 08:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2001/08/23 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/23 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/23 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/23 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.OH-DEAR_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\freenet_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Furring_Nevertheless_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Furring_Nevertheless_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Furring_Nevertheless_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemov2avi.com/search/
IE - HKU\Furring_Nevertheless_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Furring_Nevertheless_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Furring_Nevertheless_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/21 15:02:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/09/03 02:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 23:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 03:30:47 | 000,000,000 | ---D | M]

[2011/05/01 03:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/07 23:33:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/19 03:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/08/21 15:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/07 23:33:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/21 15:02:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/26 22:18:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2003/07/15 01:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/06/19 15:34:11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/29 11:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/09/14 02:20:50 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 95.64.61.143 www.google.com
O1 - Hosts: 95.64.61.144 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Furring_Nevertheless_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Furring_Nevertheless_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Furring_Nevertheless_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\Administrator.OH-DEAR_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [cd Tools updater] File not found
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [default drivers checker] File not found
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRb21P] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\3945639624.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRmSc] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\avp32.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRoMc] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\gdi32.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRota] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\install.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRprc] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\login.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRptc] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\msmgm.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRre] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\user.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRrNe] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\u4h4dn.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRrrb] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\taskmgr.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRrta] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\services.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [HNUPROXRrwe] C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\sysmgm.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MKaoc] C:\WINDOWS\debug.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MKasc] C:\WINDOWS\drweb.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MKbta] C:\WINDOWS\install.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MKerb] C:\WINDOWS\taskmgr.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe ()
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [msi system tune] File not found
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Furring_Nevertheless_ON_C..\Run: [oxfok.exe] C:\Documents and Settings\Furring Nevertheless\Application Data\Xoca\oxfok.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Furring Nevertheless\Start Menu\Programs\Startup\GigaTribe.lnk = File not found
O4 - Startup: C:\Documents and Settings\Furring Nevertheless\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
F3 - HKU\Furring_Nevertheless_ON_C WinNT: Load - (C:\DOCUME~1\FURRIN~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Furring Nevertheless\Local Settings\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.OH-DEAR_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\freenet_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Furring_Nevertheless_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Furring_Nevertheless_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Furring_Nevertheless_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://us1.iradiopop...VBIRDPlayer.CAB (VBIRDPlayer.Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Furring_Nevertheless_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Furring_Nevertheless_ON_C Winlogon: Shell - (C:\Documents and Settings\Furring Nevertheless\Application Data\dwm.exe) - C:\Documents and Settings\Furring Nevertheless\Application Data\dwm.exe ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 02:50:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/23 00:35:26 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/24 13:19:20 | 000,000,000 | ---D | C] -- C:\temp2
[2011/09/22 07:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\Application Data\PlayPond
[2011/09/22 06:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Boomzap
[2011/09/21 07:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\Application Data\ERS Game Studios
[2011/09/17 02:15:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Furring Nevertheless\Recent
[2011/09/15 05:07:32 | 001,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2011/09/01 01:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\Start Menu\Programs\PersonalBrain
[2011/09/01 01:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\PersonalBrain
[2011/08/31 10:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\My Documents\a_brain
[2011/08/31 09:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\My Documents\f_brain
[2011/08/31 09:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\My Documents\Bisc_brain
[2011/08/31 09:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PersonalBrain
[2011/08/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Azureus
[2010/08/25 22:52:14 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010/08/25 22:52:14 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010/08/25 22:52:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010/08/25 22:52:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2077/10/30 22:30:54 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\MIC00003.WAV
[2077/10/29 23:17:30 | 000,337,920 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\MIC00002.WAV
[2077/10/29 23:13:28 | 000,162,304 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\MIC00001.WAV
[2077/09/04 11:53:34 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\MIC00004.WAV
[2011/09/23 03:54:10 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/23 03:51:50 | 000,002,760 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\Application Data\F3A6.C08
[2011/09/23 03:48:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/23 03:47:31 | 000,187,904 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\Application Data\dwm.exe
[2011/09/23 03:39:27 | 000,100,252 | -H-- | M] () -- C:\WINDOWS\spoolsv.exe
[2011/09/23 03:39:27 | 000,100,252 | -H-- | M] () -- C:\WINDOWS\install.exe
[2011/09/23 03:39:25 | 000,100,252 | -H-- | M] () -- C:\WINDOWS\taskmgr.exe
[2011/09/23 03:39:23 | 000,100,252 | -H-- | M] () -- C:\WINDOWS\debug.exe
[2011/09/23 03:39:22 | 000,100,000 | -H-- | M] () -- C:\WINDOWS\drweb.exe
[2011/09/23 03:39:21 | 000,050,000 | ---- | M] () -- C:\WINDOWS\System32\gcu9qxo8.dll
[2011/09/23 03:37:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1962579970
[2011/09/23 03:20:57 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/23 03:20:56 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 03:20:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/21 10:25:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/21 05:39:45 | 000,409,568 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\56443821.jpg
[2011/09/21 03:12:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/17 13:38:17 | 000,040,371 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90434_v1.jpg
[2011/09/17 13:33:41 | 000,065,011 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90436.jpg
[2011/09/17 12:33:05 | 000,053,573 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\304_Monet_C.jpg
[2011/09/17 12:24:18 | 000,205,247 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1011.jpg
[2011/09/17 12:23:27 | 000,150,390 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1112.jpg
[2011/09/17 12:20:32 | 000,030,168 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\976.jpg
[2011/09/17 12:17:17 | 000,085,580 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1176.jpg
[2011/09/17 12:16:58 | 000,214,841 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1099.jpg
[2011/09/17 12:15:43 | 000,068,199 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1241.jpg
[2011/09/17 02:01:49 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/16 13:48:56 | 000,028,213 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90974.jpg
[2011/09/16 04:23:13 | 000,014,743 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled28.jpg
[2011/09/16 04:21:16 | 000,029,432 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled30.jpg
[2011/09/16 04:20:36 | 000,035,535 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-fearless.jpg
[2011/09/16 04:00:07 | 000,019,565 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled35.jpg
[2011/09/16 03:59:57 | 000,037,656 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-sweet-formal-wear-bro.jpg
[2011/09/15 13:14:05 | 000,061,484 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90473_v1.jpg
[2011/09/15 13:12:41 | 000,036,234 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90506_v1.jpg
[2011/09/15 09:17:37 | 000,166,414 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\tankcomp.jpg
[2011/09/15 05:09:17 | 001,181,022 | ---- | M] () -- C:\WINDOWS\System32\TmpA16993656
[2011/09/13 03:33:11 | 000,091,740 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\Desktop\groosssss.jpg
[2011/09/12 12:53:52 | 000,017,938 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-21.jpg
[2011/09/12 12:52:56 | 000,030,616 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-13.jpg
[2011/09/12 12:52:49 | 000,020,006 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-12.jpg
[2011/09/12 12:48:13 | 000,056,327 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\celebs-without-eyebrows-24.jpg
[2011/09/12 12:42:49 | 000,128,027 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\hq-dar-151.jpg
[2011/09/12 12:37:20 | 000,054,419 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\best-photos-of-the-week-71.jpg
[2011/09/11 10:12:08 | 000,027,979 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89089_v1.jpg
[2011/09/11 10:12:02 | 000,043,853 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89070_v1.jpg
[2011/09/11 10:11:33 | 000,050,738 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89053_v1.jpg
[2011/09/10 13:53:31 | 000,004,671 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\Artists.brain
[2011/09/09 13:05:09 | 000,006,214 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\test.brain
[2011/09/09 09:44:13 | 000,013,492 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\5c97088b-0b67-4cad-b4e3-f4e28a41d7ea.jpg
[2011/09/08 13:06:13 | 000,004,297 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\Royalty.brain
[2011/09/07 11:58:02 | 000,052,751 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\facade.jpg
[2011/09/06 09:45:08 | 000,062,433 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\304389_2147947212241_1053144390_32536895_7235248_n.jpg
[2011/09/06 01:45:21 | 000,070,612 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\88158_slide.jpg
[2011/09/03 00:23:09 | 000,383,297 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\SAM_3616s.jpg
[2011/09/01 09:53:39 | 000,044,434 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\enhanced-buzz-27990-1288762014-4.jpg
[2011/08/31 13:26:33 | 000,004,665 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\a.brain
[2011/08/31 10:16:15 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/31 10:16:15 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/31 09:58:07 | 000,004,665 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\f.brain
[2011/08/31 09:52:40 | 000,004,668 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\Bisc.brain
[2011/08/27 12:26:41 | 000,072,705 | ---- | M] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\314827_10150360866300420_550060419_10259698_5582374_n.jpg

========== Files Created - No Company Name ==========

[2011/09/23 03:54:10 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/23 03:47:31 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\Application Data\dwm.exe
[2011/09/23 03:47:08 | 000,002,760 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\Application Data\F3A6.C08
[2011/09/23 03:39:27 | 000,100,252 | -H-- | C] () -- C:\WINDOWS\spoolsv.exe
[2011/09/23 03:39:27 | 000,100,252 | -H-- | C] () -- C:\WINDOWS\install.exe
[2011/09/23 03:39:25 | 000,100,252 | -H-- | C] () -- C:\WINDOWS\taskmgr.exe
[2011/09/23 03:39:23 | 000,100,252 | -H-- | C] () -- C:\WINDOWS\debug.exe
[2011/09/23 03:39:22 | 000,100,000 | -H-- | C] () -- C:\WINDOWS\drweb.exe
[2011/09/23 03:39:21 | 000,050,000 | ---- | C] () -- C:\WINDOWS\System32\gcu9qxo8.dll
[2011/09/23 03:37:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1962579970
[2011/09/21 05:39:44 | 000,409,568 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\56443821.jpg
[2011/09/17 13:38:16 | 000,040,371 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90434_v1.jpg
[2011/09/17 13:33:40 | 000,065,011 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90436.jpg
[2011/09/17 12:33:04 | 000,053,573 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\304_Monet_C.jpg
[2011/09/17 12:24:17 | 000,205,247 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1011.jpg
[2011/09/17 12:23:26 | 000,150,390 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1112.jpg
[2011/09/17 12:20:32 | 000,030,168 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\976.jpg
[2011/09/17 12:17:16 | 000,085,580 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1176.jpg
[2011/09/17 12:16:57 | 000,214,841 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1099.jpg
[2011/09/17 12:15:41 | 000,068,199 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\1241.jpg
[2011/09/16 13:48:55 | 000,028,213 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90974.jpg
[2011/09/16 04:23:10 | 000,014,743 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled28.jpg
[2011/09/16 04:21:14 | 000,029,432 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled30.jpg
[2011/09/16 04:20:32 | 000,035,535 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-fearless.jpg
[2011/09/16 04:00:06 | 000,019,565 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-untitled35.jpg
[2011/09/16 03:59:57 | 000,037,656 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\chatroulette-trolling-sweet-formal-wear-bro.jpg
[2011/09/15 13:14:05 | 000,061,484 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90473_v1.jpg
[2011/09/15 13:12:40 | 000,036,234 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\90506_v1.jpg
[2011/09/15 09:17:37 | 000,166,414 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\tankcomp.jpg
[2011/09/15 05:09:16 | 001,181,022 | ---- | C] () -- C:\WINDOWS\System32\TmpA16993656
[2011/09/13 03:33:10 | 000,091,740 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\Desktop\groosssss.jpg
[2011/09/12 12:53:52 | 000,017,938 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-21.jpg
[2011/09/12 12:52:55 | 000,030,616 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-13.jpg
[2011/09/12 12:52:48 | 000,020,006 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\dorky-dork-12.jpg
[2011/09/12 12:48:12 | 000,056,327 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\celebs-without-eyebrows-24.jpg
[2011/09/12 12:42:49 | 000,128,027 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\hq-dar-151.jpg
[2011/09/12 12:37:18 | 000,054,419 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\best-photos-of-the-week-71.jpg
[2011/09/11 10:12:08 | 000,027,979 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89089_v1.jpg
[2011/09/11 10:12:01 | 000,043,853 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89070_v1.jpg
[2011/09/11 10:11:32 | 000,050,738 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\89053_v1.jpg
[2011/09/09 09:44:13 | 000,013,492 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\5c97088b-0b67-4cad-b4e3-f4e28a41d7ea.jpg
[2011/09/07 11:58:02 | 000,052,751 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\facade.jpg
[2011/09/06 09:45:08 | 000,062,433 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\304389_2147947212241_1053144390_32536895_7235248_n.jpg
[2011/09/06 01:45:20 | 000,070,612 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\88158_slide.jpg
[2011/09/03 00:23:07 | 000,383,297 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\SAM_3616s.jpg
[2011/09/01 09:53:38 | 000,044,434 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\enhanced-buzz-27990-1288762014-4.jpg
[2011/08/31 10:10:08 | 000,004,665 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\a.brain
[2011/08/31 09:57:45 | 000,004,665 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\f.brain
[2011/08/31 09:41:20 | 000,004,668 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\Bisc.brain
[2011/08/27 12:26:41 | 000,072,705 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\My Documents\314827_10150360866300420_550060419_10259698_5582374_n.jpg
[2011/03/13 20:31:35 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/05 00:04:10 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\DSPlayer.dll
[2011/01/02 03:23:11 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/12/25 15:54:25 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2010/12/11 17:40:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/24 05:21:50 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2010/10/02 04:53:50 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\.recently-used.xbel
[2010/09/03 02:14:11 | 000,126,616 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/25 22:52:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2010/08/06 15:46:31 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\Local Settings\Application Data\EditLiveForJava.ini
[2010/07/18 02:20:50 | 000,002,218 | ---- | C] () -- C:\WINDOWS\TLMPRO.INI
[2010/07/18 02:20:49 | 000,000,933 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2010/07/18 02:17:49 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
[2010/07/18 02:17:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BCAC7EAB37.sys
[2009/10/30 03:04:43 | 000,018,287 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/10/30 02:44:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/30 02:44:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/30 02:44:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/10/30 01:54:12 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\.gtk-bookmarks
[2009/10/10 18:19:11 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2009/10/10 18:19:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/10/01 05:44:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\ff3hr1.2.exe
[2009/10/01 05:30:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\ff3hr1.2
[2009/09/11 17:10:22 | 000,000,482 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/07/12 05:23:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/12 02:37:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/12 02:14:38 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\DWLAB.DAT
[2009/07/12 02:14:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/07/12 02:00:56 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Furring Nevertheless\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 01:55:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/12 01:36:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/07/12 01:21:53 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/07/12 00:18:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 00:14:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/11 16:30:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/11 16:29:46 | 000,220,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/31 02:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/31 02:35:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/31 02:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/31 02:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/31 02:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/31 02:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/31 02:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/31 02:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/31 02:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/31 02:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/31 02:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/15 08:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\.minecraft
[2011/08/03 12:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\.purple
[2010/11/23 00:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Audacity
[2011/08/28 12:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Azureus
[2011/09/22 06:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Boomzap
[2010/03/31 21:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Broad Intelligence
[2009/07/25 22:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\DAEMON Tools Lite
[2009/09/11 20:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\DAEMON Tools Pro
[2011/07/30 00:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\DVDVideoSoft
[2011/07/30 00:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\DVDVideoSoftIEHelpers
[2011/09/21 07:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\ERS Game Studios
[2010/03/25 02:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Facebook
[2010/01/15 18:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Feedreader
[2011/06/06 07:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\FileZilla
[2011/03/13 21:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\GetRightToGo
[2011/06/06 07:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\GlobalSCAPE
[2010/10/11 02:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\gtk-2.0
[2011/01/02 03:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\HandBrake
[2009/07/12 02:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\InterTrust
[2011/03/19 05:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Leadertech
[2011/09/23 03:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\LimeWire
[2010/09/02 02:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\LOVE
[2010/01/06 03:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Map Maker
[2011/01/21 04:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\MumboJumbo
[2010/03/31 03:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\NASA
[2011/04/03 03:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\NewsLeecher
[2009/08/23 04:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Oberon Media
[2011/08/31 09:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\PersonalBrain
[2009/08/27 21:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\PlayFirst
[2011/09/22 07:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\PlayPond
[2010/08/21 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Processing
[2010/07/18 02:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Progeny
[2011/03/19 05:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Seagate
[2010/05/18 03:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\SecondLife
[2010/05/24 04:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\SmartDraw
[2011/01/31 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\SuperNZB
[2011/01/21 04:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Thinstall
[2011/09/22 09:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\uTorrent
[2011/08/02 09:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Xoca
[2011/09/23 03:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Furring Nevertheless\Application Data\Xuhyk
[2011/03/19 05:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Seagate
[2009/09/11 20:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
[2011/06/06 07:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GlobalSCAPE
[2011/05/29 10:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Last.fm
[2011/01/21 04:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
[2011/01/27 05:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MySQL
[2009/08/23 04:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oberon Media
[2011/02/07 18:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2011/09/01 02:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PersonalBrain
[2009/08/27 21:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2011/09/21 09:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/12/25 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vsosdk
[2010/03/31 01:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WorldWindData

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\1962579970:4251387275.exe
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C78DADEA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C581A570
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CF5C4195
< End of report >

I don't know what to do and I really need my computer back for university-related use. Can anybody help?

#2
Sakhalinskii

Oh yeah, it also started by doing that thing other people have described where it would redirect search engine results to malware sites.

EDIT: I'm running an AVG Rescue Disc scan right now (although the virus editions aren't that up to date) and it says I have a Win32/Alureon virus in a file called "Backup_MBR_0.bin".

Edited by Sakhalinskii, 24 September 2011 - 03:02 AM.
