Virus hid all files/folders and more.



#1
MisterCorn

Leaving details for curious folks...

Thank you in advance!

OTL logfile created on: 6/6/2011 8:38:56 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\*********\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.11 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 70.51% Memory free
6.23 Gb Paging File | 5.35 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 424.36 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
Drive P: | 1023.99 Gb Total Space | 951.18 Gb Free Space | 92.89% Space Free | Partition Type: NTFS

Computer Name: ********* | User Name: ********* | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 08:19:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe
PRC - [2010/04/01 16:46:20 | 000,115,560 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/01 16:46:20 | 000,108,392 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/01 16:46:18 | 001,864,888 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/01 16:46:18 | 001,455,432 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/01 16:46:16 | 002,477,304 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 13:25:26 | 000,979,104 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2009/10/20 13:25:22 | 001,489,984 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,136,512 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/10 12:10:34 | 000,514,632 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Policy Auditor Agent\PASysTray.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | -H-- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/09/02 17:59:20 | 000,035,696 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2009/08/27 15:58:56 | 000,151,552 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Audit Manager\AuditManagerService.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | -H-- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | -H-- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/20 12:28:26 | 000,059,920 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2009/07/20 12:28:10 | 000,121,360 | -H-- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 19:14:30 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
PRC - [2009/07/13 19:14:27 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
PRC - [2009/07/13 19:14:27 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
PRC - [2009/07/13 19:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | -H-- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | -H-- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/05/18 12:43:58 | 000,360,448 | -H-- | M] (Tumbleweed Communications Inc.) -- C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
PRC - [2007/05/18 12:43:30 | 000,073,728 | -H-- | M] (Tumbleweed Communications Inc.) -- C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
PRC - [2007/04/13 02:50:00 | 000,590,712 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 08:19:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/24 21:21:48 | 000,200,704 | -H-- | M] (NetIQ Corporation) [On_Demand | Stopped] -- C:\Program Files\OnePointDomainAgent\DCTAgentService.exe -- (OnePointDomainAdminService)
SRV - [2010/07/01 16:10:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/01 16:46:20 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/01 16:46:20 | 000,108,392 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/01 16:46:18 | 001,864,888 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 16:46:18 | 000,341,320 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/01 16:46:16 | 002,477,304 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/23 14:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/10/20 13:25:22 | 001,489,984 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2009/09/25 04:50:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/16 18:01:16 | 000,020,480 | -H-- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/09/02 18:03:36 | 000,070,728 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/09/02 17:59:20 | 000,035,696 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2009/08/27 15:58:56 | 000,151,552 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Audit Manager\AuditManagerService.exe -- (McAfeeAuditManager)
SRV - [2009/08/18 02:36:08 | 000,176,128 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/20 12:28:10 | 000,121,360 | -H-- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 16:16:42 | 000,207,400 | -H-- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/03/20 19:10:15 | 003,093,880 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/05/18 12:43:30 | 000,073,728 | -H-- | M] (Tumbleweed Communications Inc.) [Auto | Running] -- C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe -- (Tumbleweed Desktop Validator)
SRV - [2007/04/13 02:50:00 | 000,590,712 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/11/09 15:30:14 | 000,065,536 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 10:32:12 | 000,128,536 | -H-- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)


========== Driver Services (SafeList) ==========

DRV - [2011/06/03 13:46:18 | 001,542,392 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110605.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/03 13:46:18 | 000,374,392 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/03 13:46:18 | 000,086,008 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110605.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/12 02:00:00 | 000,105,592 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/11 23:22:00 | 000,059,136 | -H-- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2010/09/10 22:32:20 | 000,167,936 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/07/02 09:45:12 | 000,124,976 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/01 16:46:24 | 000,042,312 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/01 16:46:22 | 000,043,696 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/01 16:46:20 | 000,320,560 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/01 16:46:20 | 000,281,648 | -H-- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/01 16:46:18 | 000,092,488 | -H-- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/01 16:46:18 | 000,050,064 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/01 16:46:12 | 000,421,424 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/03/23 14:15:36 | 000,308,859 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/02/24 09:02:52 | 000,064,032 | -H-- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/12/18 12:13:02 | 000,020,480 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/10/20 13:23:46 | 000,030,952 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\firelm01.sys -- (firelm01)
DRV - [2009/10/20 13:23:40 | 000,145,616 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FireTDI.sys -- (FireTDI)
DRV - [2009/10/20 13:23:36 | 000,135,872 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\FirePM.sys -- (FirePM)
DRV - [2009/09/02 18:02:56 | 000,063,728 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/09/02 18:01:36 | 000,343,760 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/02 17:59:00 | 000,035,584 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HIPQK.sys -- (HIPQK)
DRV - [2009/09/02 17:58:44 | 000,038,680 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HIPPSK.sys -- (HIPPSK)
DRV - [2009/09/02 17:58:28 | 000,107,960 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HIPK.sys -- (HIPK)
DRV - [2009/08/18 03:48:06 | 004,994,560 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:02:51 | 004,231,168 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 16:02:49 | 000,229,888 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/06/17 10:56:32 | 000,028,560 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:16 | 000,037,392 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/11/16 19:39:44 | 000,131,984 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/17 15:26:24 | 000,044,680 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\firehk.sys -- (FirehkMP)
DRV - [2008/10/17 15:26:24 | 000,044,680 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\firehk.sys -- (Firehk)
DRV - [2008/09/10 17:47:24 | 000,031,104 | -H-- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlackBerrySCRDriver.sys -- (Rim)
DRV - [2007/04/13 02:50:00 | 000,023,416 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/01/18 21:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/03 17:25:18 | 000,027,536 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iport
IE - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://iport
IE - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] File not found
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe (Tumbleweed Communications Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfee Policy Auditor Tray Icon] C:\Program Files\McAfee\Policy Auditor Agent\PASysTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1388330954-3705283503-357513848-386105\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} https://ngid-j6-bes2...bComponents.cab (SCDeviceMonitor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.28)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 55.18.7.225 55.18.247.11 55.18.247.12 55.18.7.227 55.18.7.228 55.18.7.224 55.18.7.226 216.136.95.2 64.132.94.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ng.ds.army.mil
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 08:32:59 | 000,039,816 | -H-- | C] (McAfee, Inc.) -- C:\Windows\System32\HIPIS0e011af.dll
[2011/06/06 08:19:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe
[2011/06/06 08:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/06 08:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/06 07:49:04 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes
[2011/06/06 07:48:56 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/06 07:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 07:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/06 07:48:52 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/06 07:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 07:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/06/06 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/06/06 07:43:17 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Adobe
[2011/06/06 07:42:01 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\McAfee
[2011/06/06 07:41:57 | 000,000,000 | R--D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/06 07:41:57 | 000,000,000 | R--D | C] -- C:\Users\*********\Searches
[2011/06/06 07:41:57 | 000,000,000 | R--D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/06 07:41:57 | 000,000,000 | -H-D | C] -- C:\Users\*********\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/06 07:41:54 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Identities
[2011/06/06 07:41:52 | 000,000,000 | R--D | C] -- C:\Users\*********\Contacts
[2011/06/06 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\Symantec
[2011/06/06 07:41:45 | 000,000,000 | --SD | C] -- C:\Users\*********\AppData\Roaming\Microsoft
[2011/06/06 07:41:45 | 000,000,000 | RH-D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/06 07:41:45 | 000,000,000 | RH-D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Videos
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Saved Games
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Pictures
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Music
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Links
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Favorites
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Downloads
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Documents
[2011/06/06 07:41:45 | 000,000,000 | R--D | C] -- C:\Users\*********\Desktop
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\AppData\Local\Temporary Internet Files
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Templates
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Start Menu
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\SendTo
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Recent
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\PrintHood
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\NetHood
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Documents\My Videos
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Documents\My Pictures
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Documents\My Music
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\My Documents
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Local Settings
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\AppData\Local\History
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Cookies
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\Application Data
[2011/06/06 07:41:45 | 000,000,000 | -HSD | C] -- C:\Users\*********\AppData\Local\Application Data
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData\Local\Temp
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData\Local\Microsoft Help
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData\Local\Microsoft
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData\Roaming\Media Center Programs
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData\Roaming\Macromedia
[2011/06/06 07:41:45 | 000,000,000 | -H-D | C] -- C:\Users\*********\AppData
[2011/06/02 15:13:09 | 000,000,000 | -H-D | C] -- C:\Program Files\netiq
[2011/06/02 15:13:06 | 000,000,000 | -H-D | C] -- C:\Program Files\OnePointDomainAgent
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 08:36:56 | 000,000,166 | ---- | M] () -- C:\Users\*********\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/06/06 08:36:54 | 000,000,182 | ---- | M] () -- C:\Users\*********\Desktop\Posting New Topic - Geeks to Go Forums.url
[2011/06/06 08:33:52 | 000,012,418 | RHS- | M] () -- C:\Users\*********\ntuser.pol
[2011/06/06 08:33:38 | 000,000,454 | -H-- | M] () -- C:\Windows\SMSCFG.ini
[2011/06/06 08:33:18 | 000,083,022 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/06 08:32:59 | 000,000,113 | ---- | M] () -- C:\Windows\System32\api_hook_list.dat
[2011/06/06 08:32:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 08:32:35 | 2507,538,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 08:19:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe
[2011/06/06 08:01:09 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 08:01:09 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 07:42:46 | 000,001,411 | ---- | M] () -- C:\Users\*********\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/05 13:46:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~29286136r
[2011/06/05 13:46:07 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~29286136
[2011/06/05 13:46:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\29286136
[2011/06/05 11:22:16 | 000,637,572 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 11:22:16 | 000,111,968 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 22:12:53 | 000,000,000 | -H-- | M] () -- C:\t1cc.1
[2011/05/22 15:58:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 08:36:56 | 000,000,166 | ---- | C] () -- C:\Users\*********\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/06/06 08:36:54 | 000,000,182 | ---- | C] () -- C:\Users\*********\Desktop\Posting New Topic - Geeks to Go Forums.url
[2011/06/06 08:32:59 | 000,000,113 | ---- | C] () -- C:\Windows\System32\api_hook_list.dat
[2011/06/06 07:42:46 | 000,001,411 | ---- | C] () -- C:\Users\*********\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/06 07:41:58 | 000,001,417 | ---- | C] () -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/06 07:41:57 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/06 07:41:48 | 000,012,418 | RHS- | C] () -- C:\Users\*********\ntuser.pol
[2011/06/06 07:41:45 | 000,000,290 | -H-- | C] () -- C:\Users\*********\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/06 07:41:45 | 000,000,272 | -H-- | C] () -- C:\Users\*********\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/05 13:46:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~29286136r
[2011/06/05 13:46:07 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~29286136
[2011/06/05 13:46:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\29286136
[2011/05/27 22:12:53 | 000,000,000 | -H-- | C] () -- C:\t1cc.1
[2011/05/22 15:58:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/10/06 13:02:31 | 000,000,435 | -H-- | C] () -- C:\Windows\System32\dsac.exe.config
[2010/07/25 02:19:02 | 000,000,454 | -H-- | C] () -- C:\Windows\SMSCFG.ini
[2010/07/09 10:34:01 | 000,000,121 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/07/06 10:14:48 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\pool.bin
[2010/07/06 09:40:31 | 000,000,036 | -H-- | C] () -- C:\Windows\iltwain.ini
[2010/07/06 09:40:30 | 000,000,056 | -H-- | C] () -- C:\Windows\Addrfixr.ini
[2010/07/06 09:40:27 | 000,009,391 | -H-- | C] () -- C:\Windows\System32\dymourl.ini
[2010/07/06 09:39:44 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\DYMOCFG.DLL
[2010/07/06 09:39:44 | 000,004,096 | -H-- | C] () -- C:\Windows\System32\lmmonres.dll
[2010/07/06 07:53:01 | 000,083,022 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/02 12:01:50 | 000,036,962 | -H-- | C] () -- C:\Windows\System32\ActPanel.dll
[2010/07/02 11:59:03 | 000,004,733 | -H-- | C] () -- C:\Windows\SigPlus.ini
[2010/07/01 16:32:47 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/23 14:26:48 | 000,201,512 | -H-- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,425,168 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,637,572 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,111,968 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 19:29:04 | 000,197,654 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/29 23:05:56 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\erainp32.dll
[2009/02/18 17:55:22 | 000,294,912 | -H-- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 20:52:04 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/08/16 16:17:50 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004/10/26 16:39:05 | 003,375,104 | -H-- | C] () -- C:\Windows\System32\qt-mt331.dll
[2002/03/13 15:46:46 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2011/03/15 12:38:34 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\PureEdge
[2010/10/28 12:24:50 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\Blackberry Desktop
[2010/11/01 13:29:08 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\Leadertech
[2010/07/06 08:03:12 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\PureEdge
[2010/07/06 08:50:05 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\reflectionweb
[2010/09/16 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\Research In Motion
[2011/06/02 15:23:52 | 000,000,000 | -H-D | M] -- C:\Users\*********\AppData\Roaming\PureEdge
[2011/06/02 15:02:57 | 000,000,000 | -H-D | M] -- C:\Users\new\AppData\Roaming\PureEdge
[2011/05/11 17:52:37 | 000,000,000 | -H-D | M] -- C:\Users\user\AppData\Roaming\PureEdge
[2010/07/02 11:35:44 | 000,000,000 | -H-D | M] -- C:\Users\words\AppData\Roaming\PureEdge
[2009/07/13 22:53:46 | 000,031,668 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >


Edited by MisterCorn, 06 June 2011 - 09:21 AM.



#2
MisterCorn

Never mind, backing up her profile and wiping the computer. Topic can be ignored or deleted.