
TDL4 Rootkit


  • This topic is locked
5 replies to this topic

#1 hemicharg3r

hemicharg3r

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 15 March 2011 - 09:28 PM

ComboFix has reported on 2 runs that it has disinfected the TDL4 Rootkit, but I am still having symptoms, if minor. I have run every online scanner and rootkit tool I could find, and I finally turned to my last bastion of hope, ComboFix, but the Rootkit still seems to be infecting me. It is really not showing itself except that it keeps deleting my STEAM.EXE file for the Steam online gaming loader on reboot, but only then. Well, that and the fact that the system seems bogged down a lot. Hopefully I have followed your guide properly and this is the right forum to put this post. If not, I apologize. Here is what I have so far, uploaded as logs. The last one, "Report.txt", is Rootkit Unhooker's log.

Thanks for any help.

Brian




#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:08 PM

Posted 19 March 2011 - 11:36 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-Zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
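
What the aswMBR step above actually inspects, as an added example that is not part of this thread and is not code from the aswMBR tool: a small Python script that decodes a 512-byte MBR, hashes its boot code against a baseline taken while the machine was known clean, and locates the unpartitioned tail of the disk, the region outside any file system where a bootkit can keep data. The sample MBR bytes, the disk signature 0x12345678, the single NTFS partition layout and the 476,940 MB disk size are constructed assumptions chosen to resemble the boot disk in this thread, not values read from the poster's machine.

```python
"""Added example: offline MBR sanity check in the spirit of aswMBR's
"MBR read" / "MBR scan" steps. Not code from the thread or from AVAST.
Every byte below is constructed; a real baseline hash would come from a
dump of sector 0 taken while the machine was known clean.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR around the given boot code.

    Disk signature, CHS fields and the single NTFS (type 0x07) partition are
    assumed values resembling a 500 GB single-partition disk.
    """
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    disk_signature = struct.pack("<I", 0x12345678)   # assumed value
    reserved = b"\x00\x00"
    # status, CHS start, type, CHS end, LBA start, sector count
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 976768065 - 2048)
    empty = b"\x00" * 16
    mbr = boot_code + disk_signature + reserved + part1 + empty * 3 + BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr: bytes) -> dict:
    """Decode boot-code hash, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str, disk_sectors: int) -> dict:
    """Compare an MBR against a known-clean baseline and map the disk tail.

    Replaced boot code changes the hash; anything kept outside the file
    systems has to live in the unpartitioned tail, so the check reports
    where that tail starts and how large it is (in 512-byte sectors).
    """
    info = parse_mbr(mbr)
    last_end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]),
                   default=1)
    return {
        "boot_code_modified": info["boot_code_sha256"] != baseline_boot_code_sha256,
        "bootable_count": sum(1 for p in info["partitions"] if p["bootable"]),
        "partitions_in_bounds": all(p["lba_start"] + p["sectors"] <= disk_sectors
                                    for p in info["partitions"]),
        "tail_start": last_end,
        "tail_sectors": disk_sectors - last_end,
    }


if __name__ == "__main__":
    # Constructed "clean" boot code; a real disk carries the OS loader here.
    clean_code = b"\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 4)
    clean = build_sample_mbr(clean_code)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    disk_sectors = 976773120  # assumed: 476,940 MB at 2048 sectors per MB
    print("clean   :", check_mbr(clean, baseline, disk_sectors))
    # Simulated overwrite: boot code replaced, partition table left intact.
    infected = build_sample_mbr(b"\xeb\x3c" + b"\x00" * (BOOT_CODE_LEN - 2))
    print("infected:", check_mbr(infected, baseline, disk_sectors))
```

Reading the real sector 0 is outside the script (on Windows it is a raw read of `\\.\PhysicalDrive0` as Administrator). The point of the baseline hash is that a partition table which still looks sane says nothing about the boot code in front of it; only a comparison against a known-clean copy does.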


#3 hemicharg3r

hemicharg3r
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 19 March 2011 - 07:47 PM

Hi ST, thanks for your response. I already ran the RKUnhooker and included that log in my initial post. Here is the log from aswMBR. Since I posted this I *think* the virus was detected and cleaned by SuperAntiSpyware Pro, since my "steam.exe" file has stopped disappearing now after reboots. Let me know if you still see anything malicious in my logs. Also, I am running ESET NOD32 AV, SAS Pro, RUBotted and ZAPro. I am feeling pretty clogged with anti-everything programs running but stuff still gets through. I know there isn't a cure-all, but do you have other recommendations on what to run instead of those? Thanks.

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-19 19:39:36
-----------------------------
19:39:36.875 OS Version: Windows 5.1.2600 Service Pack 3
19:39:36.875 Number of processors: 8 586 0x1A05
19:39:36.875 ComputerName: 900ASSKICKER UserName:
19:39:41.562 Initialize success
19:39:50.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1d
19:39:50.453 Disk 0 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
19:39:50.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-29
19:39:50.468 Disk 1 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
19:39:50.468 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T1L0-31
19:39:50.484 Disk 2 Vendor: WDC_WD740GD-00FLA2 31.08F31 Size: 70911MB BusType: 3
19:39:52.500 Disk 0 MBR read successfully
19:39:52.500 Disk 0 MBR scan
19:39:54.515 Disk 0 scanning sectors +976768065
19:39:54.546 Disk 0 scanning C:\WINDOWS\system32\drivers
19:39:57.906 Service scanning
19:39:58.703 Disk 0 trace - called modules:
19:39:58.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:39:58.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b06dab8]
19:39:58.750 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008e[0x8b0cd900]
19:39:58.765 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1d[0x8b0ced98]
19:39:58.781 Scan finished successfully
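
A way to read an aswMBR log like the one above programmatically, as an added example that is not part of this thread and is not code from AVAST: the script parses the timestamped lines into a record (boot disk, disk-to-device mapping, sizes, which MBRs were read, the tail-sector scan offset, the module trace and the IofCallDriver hops) and then runs a few triage checks over it. The sample input is the log posted in this reply; the list of expected storage-stack drivers is an assumption for a plain IDE/ATAPI disk on Windows XP and would need adjusting for a RAID or AHCI controller.

```python
"""Added example: parse an aswMBR log and triage the disk I/O trace.
Not code from the thread or from AVAST. Sample lines are copied from the
log posted above; EXPECTED_STACK is an assumption, not a published list.
"""
import re

# Assumption: drivers a plain IDE/ATAPI disk stack on Windows XP may show.
EXPECTED_STACK = {
    "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "acpi.sys", "atapi.sys", "intelide.sys", "pciidex.sys", "pciide.sys",
}

# Sample input: the trace section of the aswMBR log posted in this reply.
SAMPLE_LOG = r"""
19:39:36.875 OS Version: Windows 5.1.2600 Service Pack 3
19:39:50.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1d
19:39:50.453 Disk 0 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
19:39:50.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-29
19:39:50.468 Disk 1 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
19:39:52.500 Disk 0 MBR read successfully
19:39:52.500 Disk 0 MBR scan
19:39:54.515 Disk 0 scanning sectors +976768065
19:39:58.703 Disk 0 trace - called modules:
19:39:58.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:39:58.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b06dab8]
19:39:58.750 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008e[0x8b0cd900]
19:39:58.765 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1d[0x8b0ced98]
19:39:58.781 Scan finished successfully
"""

TS_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) (.*)$")
DISK_RE = re.compile(r"^Disk (\d+)( \(boot\))? (\\Device\\\S+) -> (\S+)$")
VENDOR_RE = re.compile(r"^Disk (\d+) Vendor: \S+ \S+ Size: (\d+)MB BusType: (\d+)$")
MBR_OK_RE = re.compile(r"^Disk (\d+) MBR read successfully$")
TAIL_RE = re.compile(r"^Disk (\d+) scanning sectors \+(\d+)$")
HOP_RE = re.compile(r"^(\d+) (?:(\S+)\[[0-9a-f]+\] -> )?nt!IofCallDriver -> "
                    r"(\\Device\\\S+)\[0x[0-9a-f]+\]$")


def parse_aswmbr(text: str) -> dict:
    """Turn the timestamped log lines into a structured report."""
    report = {"os": None, "disks": {}, "boot_disk": None, "mbr_read": set(),
              "tail_scan": {}, "trace_modules": [], "hops": [], "finished": False}
    expect_modules = False  # the line after "called modules:" lists them
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if expect_modules:
            report["trace_modules"] = msg.split()
            expect_modules = False
        elif msg.startswith("OS Version: "):
            report["os"] = msg[len("OS Version: "):]
        elif (d := DISK_RE.match(msg)):
            n = int(d.group(1))
            report["disks"].setdefault(n, {})["target"] = d.group(4)
            if d.group(2):
                report["boot_disk"] = n
        elif (v := VENDOR_RE.match(msg)):
            report["disks"].setdefault(int(v.group(1)), {})["size_mb"] = int(v.group(2))
        elif (k := MBR_OK_RE.match(msg)):
            report["mbr_read"].add(int(k.group(1)))
        elif (t := TAIL_RE.match(msg)):
            report["tail_scan"][int(t.group(1))] = int(t.group(2))
        elif msg.endswith("trace - called modules:"):
            expect_modules = True
        elif (h := HOP_RE.match(msg)):
            report["hops"].append((int(h.group(1)), h.group(2), h.group(3)))
        elif msg == "Scan finished successfully":
            report["finished"] = True
    return report


def triage(report: dict, expected=EXPECTED_STACK) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    boot = report["boot_disk"]
    if boot is None:
        findings.append("no boot disk identified")
    else:
        if boot not in report["mbr_read"]:
            findings.append(f"MBR of boot disk {boot} was not read")
        if boot not in report["tail_scan"]:
            findings.append(f"unpartitioned tail of boot disk {boot} was not scanned")
        if report["hops"]:
            # The last hop should land on the physical device the boot disk maps to.
            last_dev = report["hops"][-1][2]
            target = report["disks"].get(boot, {}).get("target")
            if target and last_dev != target:
                findings.append(f"boot disk I/O ends at {last_dev}, not at {target}")
    for mod in report["trace_modules"]:
        if mod.lower() not in expected:
            findings.append(f"unexpected module in disk I/O path: {mod}")
    for _, mod, _ in report["hops"]:
        if mod and mod.lower() not in expected:
            findings.append(f"unexpected module issuing IofCallDriver: {mod}")
    if not report["finished"]:
        findings.append("scan did not finish")
    return findings


if __name__ == "__main__":
    rep = parse_aswmbr(SAMPLE_LOG)
    print(rep["os"], "boot disk:", rep["boot_disk"], "modules:", rep["trace_modules"])
    print("findings:", triage(rep) or "none")
```

The allowlist is the weak part of any such check: a driver that does belong on a given machine (a RAID or AHCI miniport, a disk encryption filter) will show up as "unexpected" until it is added, so a hit means "look at this", not "infected".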

#4 hemicharg3r

hemicharg3r
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 19 March 2011 - 08:02 PM

Attached Files: Extras.Txt (54.46KB), OTL.Txt (135.15KB)

Here are my other two logs from OTL. I hope it's OK that I attached vs. posting. Thanks


OTL logfile created on: 3/19/2011 7:47:27 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 123.95 Gb Total Space | 84.78 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive D: | 112.30 Gb Total Space | 84.22 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive E: | 112.30 Gb Total Space | 102.97 Gb Free Space | 91.69% Space Free | Partition Type: NTFS
Drive F: | 117.20 Gb Total Space | 115.44 Gb Free Space | 98.50% Space Free | Partition Type: NTFS
Drive G: | 115.24 Gb Total Space | 95.84 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive H: | 115.24 Gb Total Space | 82.92 Gb Free Space | 71.96% Space Free | Partition Type: NTFS
Drive I: | 115.24 Gb Total Space | 30.75 Gb Free Space | 26.69% Space Free | Partition Type: NTFS
Drive J: | 120.05 Gb Total Space | 116.21 Gb Free Space | 96.80% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 202.44 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive L: | 69.24 Gb Total Space | 69.05 Gb Free Space | 99.73% Space Free | Partition Type: NTFS

Computer Name: 900ASSKICKER
Current User Name: Brian J. Hoag
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/03/17 21:18:39 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/05 23:31:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/05 23:31:41 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/01/17 15:02:06 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 10:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/07/20 21:22:56 | 001,038,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/25 19:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 14:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 04:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- E:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/05/26 22:40:30 | 000,087,336 | ---- | M] (Nero AG) -- E:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/10 00:23:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010/04/21 05:41:12 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
PRC - [2010/03/18 10:37:26 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/03/16 03:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/09/11 14:14:30 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009/09/11 14:13:50 | 000,237,568 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/05/25 00:00:00 | 002,389,600 | ---- | M] (Lavalys, Inc.) -- E:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2008/10/14 12:46:14 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 09:53:54 | 000,163,840 | ---- | M] (Proxure, Inc.) -- C:\Program Files\Migo Software\Migo Digital Backup 3 Premium\Engine\KVLService.exe
PRC - [2007/08/06 09:52:16 | 000,172,032 | ---- | M] (Proxure, Inc.) -- C:\Program Files\Migo Software\Migo Digital Backup 3 Premium\Engine\Remote\KVRService.exe
PRC - [2007/07/16 21:54:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2005/09/21 15:05:32 | 000,270,336 | ---- | M] () -- C:\Program Files\GEEK SQUAD POWER MANAGEMENT\pppeuser.exe
PRC - [2005/09/20 17:49:36 | 000,487,424 | ---- | M] () -- C:\Program Files\GEEK SQUAD POWER MANAGEMENT\ppped.exe
PRC - [2003/10/10 11:23:48 | 000,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
PRC - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2001/08/10 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE
PRC - [2001/08/09 06:00:00 | 000,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/10 00:23:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2002/08/28 23:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- e:\Program Files\X-Setup Pro\bin\MSScript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/01/17 15:02:06 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/07/20 21:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- E:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/26 22:40:30 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- E:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/06 04:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/21 05:41:12 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/05/17 22:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007/08/06 09:53:54 | 000,163,840 | ---- | M] (Proxure, Inc.) [Auto | Running] -- C:\Program Files\Migo Software\Migo Digital Backup 3 Premium\Engine\KVLService.exe -- (Proxure KeepVault Local Backup Service)
SRV - [2007/08/06 09:52:16 | 000,172,032 | ---- | M] (Proxure, Inc.) [Auto | Running] -- C:\Program Files\Migo Software\Migo Digital Backup 3 Premium\Engine\Remote\KVRService.exe -- (Proxure KeepVault Remote Backup Service)
SRV - [2005/09/20 17:49:36 | 000,487,424 | ---- | M] () [Auto | Running] -- C:\Program Files\GEEK SQUAD POWER MANAGEMENT\ppped.exe -- (ppped)
SRV - [2003/01/03 10:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2003/01/03 10:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2001/08/10 06:00:00 | 000,135,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2001/08/09 06:00:00 | 000,176,161 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 04:00:22 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011/01/17 15:02:35 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2011/01/17 15:02:21 | 000,045,208 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- F:\BartPE\Macrium\Files\psmounter.sys -- (PSMounter)
DRV - [2010/11/30 18:06:04 | 006,261,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/18 04:02:24 | 000,079,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2010/03/18 04:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/18 04:01:04 | 000,063,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2010/03/08 18:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/10 23:59:16 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/09 05:04:02 | 000,253,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv91xx.sys -- (mv91xx)
DRV - [2009/09/14 15:39:18 | 000,130,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiK8020.sys -- (SaiK8020)
DRV - [2009/09/14 09:28:04 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiNtBus)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/25 00:00:00 | 000,026,736 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2009/05/05 23:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- e:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/19 09:13:42 | 000,084,320 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (Jraid)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/04/14 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/12/11 13:42:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/08/08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/10/21 13:32:12 | 000,013,107 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/08/09 17:49:40 | 000,014,592 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2003/12/25 19:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 19:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/10/10 11:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2001/12/05 17:51:12 | 000,024,772 | ---- | M] (CyberLink Corp.) [Kernel | On_Demand | Stopped] -- E:\Program Files\CyberLink\PowerDVD\clpciid.sys -- (CLPCIID)
DRV - [2001/08/10 06:00:00 | 000,034,354 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ebay.com/
IE - HKU\S-1-5-21-796845957-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

IE - HKU\S-1-5-21-796845957-706699826-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.ebay.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 23:31:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 23:31:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: e:\Program Files\Mozilla Sunbird\components [2011/02/15 00:10:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: e:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/26 22:23:39 | 000,000,000 | ---D | M]

[2011/02/15 00:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Extensions
[2011/02/15 00:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011/03/17 21:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions
[2010/07/15 22:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/30 07:56:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/21 00:37:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/13 23:33:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 19:32:04 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2011/03/16 02:00:01 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/03/25 23:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\ctrl-tab@design-noir.de
[2010/10/22 00:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\DeviceDetection@logitech.com
[2010/09/14 07:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\extensions\searchtoolbar@zugo.com
[2011/02/15 00:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Sunbird\Profiles\rza5djh3.default\extensions
[2010/09/14 07:21:32 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\searchplugins\bing-zugo.xml
[2010/01/10 23:59:39 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Application Data\Mozilla\Firefox\Profiles\our833tt.default\searchplugins\daemon-search.xml
[2011/03/17 21:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/20 19:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/12/28 00:33:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 23:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/28 01:15:06 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2010/11/28 23:19:25 | 000,466,944 | ---- | M] (Invenda) -- C:\Program Files\Mozilla Firefox\plugins\NPcolPM460.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2005/04/27 15:10:50 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2011/03/05 22:19:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] F:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro 3.5 Setup[h33t][eSpNs].exe (SurfRight B.V.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] E:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-796845957-706699826-1417001333-1003..\Run: [EVEREST AutoStart] E:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - HKU\S-1-5-21-796845957-706699826-1417001333-1003..\Run: [OfficeSyncProcess] F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-706699826-1417001333-1003..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\GEEK SQUAD POWER MANAGEMENT\pppeuser.exe ()
O4 - HKU\S-1-5-21-796845957-706699826-1417001333-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-796845957-706699826-1417001333-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Brian J. Hoag\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-706699826-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (Reg Error: Key error.)
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} https://gw.walmartbenefits.com/nortel_cacheable/iewiper.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37 (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - e:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Brian J. Hoag\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brian J. Hoag\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {a5780613-492e-4a2a-a7fd-549610edf6cc} - C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/19 20:42:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/09 09:12:24 | 000,647,024 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2009/01/09 09:12:24 | 000,540,016 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O32 - AutoRun File - [2002/01/13 19:16:22 | 000,000,398 | -HS- | M] () - E:\AUTOEXEC.DOS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 19:39:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brian J. Hoag\Desktop\aswMBR.exe
[2011/03/18 02:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Brian J. Hoag\Recent
[2011/03/16 22:32:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/16 22:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian J. Hoag\Application Data\Malwarebytes
[2011/03/16 22:27:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/16 22:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/16 22:26:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/16 22:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/16 01:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian J. Hoag\Application Data\NVIDIA
[2011/03/16 00:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
[2011/03/05 23:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/05 22:06:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/01 00:27:38 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/03/01 00:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/02/28 15:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/02/27 17:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/02/27 04:00:22 | 000,229,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VMM.sys
[2011/02/24 13:52:34 | 000,000,000 | ---D | C] -- C:\Voice Records
[2011/02/22 18:22:02 | 001,004,072 | ---- | C] (Magical Jelly Bean ) -- C:\Documents and Settings\Brian J. Hoag\My Documents\KeyFinderInstaller.exe
[2011/02/21 21:13:55 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2011/02/18 21:45:31 | 000,000,000 | ---D | C] -- C:\pdf995
[2011/02/18 21:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian J. Hoag\Application Data\pdf995
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brian J. Hoag\*.tmp files -> C:\Documents and Settings\Brian J. Hoag\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/19 19:40:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\MBR.dat
[2011/03/19 19:39:33 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brian J. Hoag\Desktop\aswMBR.exe
[2011/03/19 00:12:43 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/18 08:50:27 | 004,620,288 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.9 031811.xls
[2011/03/18 08:07:04 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Microsoft Excel 2010.lnk
[2011/03/17 23:54:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/17 23:52:25 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/03/17 23:51:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/17 23:51:08 | 3219,214,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/17 23:26:21 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/17 10:38:01 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Microsoft Word 2010.lnk
[2011/03/16 22:27:03 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Brian J. Hoag\NTUSER.DAT
[2011/03/16 22:27:01 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebyts AntiMalware.lnk
[2011/03/16 02:02:30 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\HOMEFRONT.url
[2011/03/16 00:35:33 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Team Fortress 2.url
[2011/03/16 00:31:00 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2011/03/15 21:01:29 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\gmer.zip
[2011/03/15 20:53:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\RKUnhookerLE.EXE
[2011/03/15 20:36:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/03/15 01:09:52 | 000,018,601 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Gordmans1.docx
[2011/03/09 01:34:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brian J. Hoag\ntuser.ini
[2011/03/09 01:31:43 | 004,618,752 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.9 030811.xls
[2011/03/09 01:19:12 | 004,618,240 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Copy of World War Cheat Sheet v5.9 030811.xls
[2011/03/09 01:06:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/09 01:00:04 | 004,238,336 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 iPod 030811.xls
[2011/03/06 19:53:08 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011/03/05 23:42:46 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\catchme.exe
[2011/03/05 23:34:18 | 000,439,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/05 23:34:17 | 000,517,348 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/03/05 23:34:17 | 000,070,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/05 22:19:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/05 22:02:45 | 000,006,574 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\cc_20110305_210242.reg
[2011/03/05 20:29:48 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/05 01:13:50 | 004,184,064 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 030511.xls
[2011/03/05 00:17:49 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2011/02/28 00:45:59 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MOTOROLA MEDIA LINK.lnk
[2011/02/28 00:43:41 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/02/28 00:43:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/02/28 00:43:39 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/02/27 23:44:29 | 000,017,131 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Open Door Krischelle 2.docx
[2011/02/27 18:10:12 | 000,537,254 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Local Settings\Application Data\census.cache
[2011/02/27 18:09:53 | 000,250,006 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Local Settings\Application Data\ars.cache
[2011/02/27 17:54:52 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/02/27 04:00:22 | 000,229,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VMM.sys
[2011/02/26 12:37:36 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Macrium Reflect.lnk
[2011/02/25 12:12:23 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Steam.lnk
[2011/02/24 09:30:49 | 004,185,088 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 022311.xls
[2011/02/23 04:55:54 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/23 04:52:37 | 000,067,360 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/23 01:20:39 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\OTL.lnk
[2011/02/22 18:23:09 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/02/22 18:22:02 | 001,004,072 | ---- | M] (Magical Jelly Bean ) -- C:\Documents and Settings\Brian J. Hoag\My Documents\KeyFinderInstaller.exe
[2011/02/22 17:19:54 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Shortcut to EzGt 2.2.lnk
[2011/02/22 17:19:43 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Shortcut to Modio.lnk
[2011/02/22 01:52:22 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Application Data\ImperatorProfile0.dat
[2011/02/21 23:32:24 | 000,054,862 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\cc_20110221_223215.reg
[2011/02/21 21:13:56 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\PE Builder.lnk
[2011/02/19 01:53:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/18 22:01:15 | 000,020,939 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application001.png
[2011/02/18 22:01:15 | 000,009,446 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application.html
[2011/02/18 21:50:34 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2011/02/18 21:50:34 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/02/18 21:40:17 | 000,035,212 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application.pdf
[2011/02/18 17:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/02/18 12:30:04 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Joel - Shortform 6.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brian J. Hoag\*.tmp files -> C:\Documents and Settings\Brian J. Hoag\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 19:40:15 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\MBR.dat
[2011/03/18 08:15:49 | 004,620,288 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.9 031811.xls
[2011/03/16 22:27:01 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebyts AntiMalware.lnk
[2011/03/16 00:35:33 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Team Fortress 2.url
[2011/03/16 00:34:36 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\HOMEFRONT.url
[2011/03/15 21:01:24 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\gmer.zip
[2011/03/15 20:53:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\RKUnhookerLE.EXE
[2011/03/15 00:28:41 | 000,018,601 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Gordmans1.docx
[2011/03/09 01:31:38 | 004,618,752 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.9 030811.xls
[2011/03/09 01:19:06 | 004,618,240 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Copy of World War Cheat Sheet v5.9 030811.xls
[2011/03/09 01:05:58 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/03/09 01:00:02 | 004,238,336 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 iPod 030811.xls
[2011/03/05 23:42:45 | 000,147,456 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\catchme.exe
[2011/03/05 22:02:44 | 000,006,574 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\cc_20110305_210242.reg
[2011/03/05 20:29:48 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/05 01:04:49 | 004,184,064 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 030511.xls
[2011/03/05 00:17:49 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Initial Update.job
[2011/02/28 00:43:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/02/28 00:43:40 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/02/28 00:43:39 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/02/27 23:44:29 | 000,017,131 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Open Door Krischelle 2.docx
[2011/02/27 18:10:12 | 000,537,254 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Local Settings\Application Data\census.cache
[2011/02/27 18:09:53 | 000,250,006 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Local Settings\Application Data\ars.cache
[2011/02/27 17:54:52 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/02/24 09:30:46 | 004,185,088 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\World War Cheat Sheet v5.5 022311.xls
[2011/02/23 01:30:08 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\crnxmon.dll
[2011/02/23 01:30:08 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\crnxutil.dll
[2011/02/23 01:30:08 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\mqisnmp.dll
[2011/02/23 01:30:08 | 000,058,928 | ---- | C] () -- C:\WINDOWS\System32\crnsnmp.dll
[2011/02/23 01:30:08 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\crnutil.dll
[2011/02/23 01:30:08 | 000,019,651 | ---- | C] () -- C:\WINDOWS\crnxmon.hlp
[2011/02/23 01:20:39 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\OTL.lnk
[2011/02/22 18:23:09 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/02/22 17:19:54 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Shortcut to EzGt 2.2.lnk
[2011/02/22 17:19:43 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\Shortcut to Modio.lnk
[2011/02/21 23:32:20 | 000,054,862 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\cc_20110221_223215.reg
[2011/02/21 21:13:56 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\Desktop\PE Builder.lnk
[2011/02/18 21:57:10 | 000,020,939 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application001.png
[2011/02/18 21:57:09 | 000,009,446 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application.html
[2011/02/18 21:41:42 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/02/18 21:40:19 | 000,035,212 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Lifetime discount application.pdf
[2011/02/18 12:30:07 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Brian J. Hoag\My Documents\Joel - Shortform 6.doc
[2011/01/24 02:13:11 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/14 23:08:52 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 14:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/16 23:08:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/11 21:43:17 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2009/10/04 21:42:56 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/09/29 22:37:03 | 000,000,318 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2009/09/29 22:19:13 | 000,138,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/26 22:38:15 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/09/26 22:37:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/09/26 22:37:30 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/09/26 22:37:30 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/09/26 22:37:27 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2009/09/26 22:37:15 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2009/09/26 22:37:03 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/09/26 22:36:38 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2009/09/26 22:36:37 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2009/09/26 01:11:57 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\XMLParser.dll
[2009/09/26 01:11:33 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Transport.dll
[2009/09/26 01:11:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2009/09/26 01:11:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2009/09/26 01:11:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2009/09/26 01:11:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2009/09/26 01:11:10 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/09/26 01:10:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2009/09/26 01:10:32 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2009/09/26 01:10:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2009/09/26 01:10:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2009/09/26 01:10:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2009/09/26 01:10:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2009/09/26 01:10:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2009/09/26 01:10:30 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2009/09/26 01:10:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InTouchCOMClient.dll
[2009/09/26 01:10:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\InTouchViewer.dll
[2009/09/26 01:10:13 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/09/26 01:09:59 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dbsock.dll
[2009/09/26 01:09:45 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/09/26 01:09:41 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/09/25 17:20:28 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/23 23:58:18 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/09/22 18:32:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/20 15:53:03 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System32\Fgwvb32.dll
[2009/08/29 21:37:42 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\WINDOWS\System32\OSD.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2005/05/24 15:02:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_U.DLL
[2005/05/10 16:45:00 | 000,033,878 | ---- | C] () -- C:\WINDOWS\MSTMON_U.INI
[2005/04/29 16:14:00 | 000,020,436 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


---------------------------


OTL Extras logfile created on: 3/19/2011 7:47:27 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 123.95 Gb Total Space | 84.78 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive D: | 112.30 Gb Total Space | 84.22 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive E: | 112.30 Gb Total Space | 102.97 Gb Free Space | 91.69% Space Free | Partition Type: NTFS
Drive F: | 117.20 Gb Total Space | 115.44 Gb Free Space | 98.50% Space Free | Partition Type: NTFS
Drive G: | 115.24 Gb Total Space | 95.84 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive H: | 115.24 Gb Total Space | 82.92 Gb Free Space | 71.96% Space Free | Partition Type: NTFS
Drive I: | 115.24 Gb Total Space | 30.75 Gb Free Space | 26.69% Space Free | Partition Type: NTFS
Drive J: | 120.05 Gb Total Space | 116.21 Gb Free Space | 96.80% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 202.44 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive L: | 69.24 Gb Total Space | 69.05 Gb Free Space | 99.73% Space Free | Partition Type: NTFS

Computer Name: 900ASSKICKER
Current User Name: Brian J. Hoag
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-796845957-706699826-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "E:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"12345:TCP" = 12345:TCP:*:Enabled:Motorola Helper
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"E:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe" = E:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"I:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = I:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"I:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = I:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"E:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = E:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"E:\Program Files\FrostWire\FrostWire.exe" = E:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"I:\Program Files\Steam\steamapps\common\call of duty black ops rcon\BlackOpsRcon.exe" = I:\Program Files\Steam\steamapps\common\call of duty black ops rcon\BlackOpsRcon.exe:*:Enabled:Call of Duty Black Ops - Remote Console -- (Treyarch)
"E:\Program Files\Vuze\Azureus.exe" = E:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"F:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = F:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"F:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = F:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"F:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = F:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"I:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe" = I:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"I:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe" = I:\Program Files\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"I:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = I:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"I:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = I:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"I:\Program Files\Steam\steamapps\common\homefront\Binaries\HOMEFRONT.exe" = I:\Program Files\Steam\steamapps\common\homefront\Binaries\HOMEFRONT.exe:*:Enabled:HOMEFRONT -- (Kaos Studios)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C02368-FF6B-4F10-B2F1-7B3E2A4D719A}" = H&R Block Iowa 2010
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11405EC0-9E33-4ED0-9718-F3DBD4E2BF75}" = Migo Digital Backup 3 Premium
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4218F0E1-CBAF-4D68-B6FE-B3504770829F}" = AutoStreamer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0E80D3-AAAD-4C30-AB1E-CDD45A9A0917}" = Saitek SD6 Programming Software 6.7.5.2
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C593C70-EFB9-4103-8328-C774698F72EF}" = Mototools Software Update
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{768A94B4-5FD7-487E-DE3E-7C7516E3C6A9}" = MP3 Download Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FD0AC90-1268-4A53-977E-E8E90D10EF6A}" = Crown Print Monitor+
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92150379-3141-46DF-AE5F-5C3B83C0854C}" = Moto Helper Service
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A8DF1374-7E6B-448A-87BB-2DCE71874F2B}" = Macrium Reflect - Free Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9D0551E-FF9C-4E86-A3F6-8FFD83C57D29}" = H&R Block Iowa 2009
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7C7C686-8479-4173-9570-F4B350D91B37}" = Motorola Mobile Drivers Installation 4.9.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Imperator Firmware Updater 1.13
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFA800BF-C5C8-46D1-B49D-13920D05417C}" = ESET NOD32 Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4249-7808-9389-3199" = Verizon Wireless Download Manager 2.2.6-SNAPSHOT-r10832
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1" = MP3 Download Manager
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"CS_Fire_Monitor" = CS Fire Monitor 3.0.1
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Fraps" = Fraps (remove only)
"FrostWire" = FrostWire 4.21.3
"HD Tach_is1" = HD Tach version 3
"Hide Your IP Address_is1" = Hide Your IP Address
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"ImgBurn" = ImgBurn
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"IsoBuster_is1" = IsoBuster 2.8
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KONICA MINOLTA magicolor 2430DL" = KONICA MINOLTA magicolor 2430DL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.44 Driver 4.9.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MXOFX" = USB Storage Adapter FX (MXO)
"Norton Speed Disk" = Norton Speed Disk 6.0 for Windows NT
"Norton Utilities" = Norton Utilities 2002 for Windows
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PE Builder_is1" = PE Builder 3.1.10a
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.91
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SP6" = Logitech SetPoint 6.15
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 55100" = HOMEFRONT
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winusb0100" = Microsoft WinUsb 1.0
"xqdcXSP_is1" = XQDC X-Setup Pro 9.2.100
"ZoneAlarm Pro" = ZoneAlarm Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2011 12:17:05 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1002
Description = Hanging application HOMEFRONT.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2011 12:17:17 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1002
Description = Hanging application HOMEFRONT.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2011 12:17:44 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1002
Description = Hanging application HOMEFRONT.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2011 12:19:14 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1002
Description = Hanging application HOMEFRONT.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2011 12:19:17 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1001
Description = Fault bucket -2106448543.

Error - 3/18/2011 12:19:44 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1002
Description = Hanging application HOMEFRONT.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2011 12:19:48 AM | Computer Name = 900ASSKICKER | Source = Application Hang | ID = 1001
Description = Fault bucket -2106448543.

Error - 3/18/2011 12:24:06 AM | Computer Name = 900ASSKICKER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/18/2011 12:24:31 AM | Computer Name = 900ASSKICKER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/18/2011 12:52:37 AM | Computer Name = 900ASSKICKER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv

Error - 3/15/2011 7:56:12 AM | Computer Name = 900ASSKICKER | Source = Service Control Manager | ID = 7003
Description = The Remote Access Connection Manager service depends on the following
nonexistent service: Tapisrv


< End of report >

Edited by SweetTech, 20 March 2011 - 08:23 AM.
expanded OTL logs.-ST


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:08 PM

Posted 20 March 2011 - 08:28 AM

Howdy hemicharg3r!

How are you doing today?


I know there isn't a cure-all but do you have other recommendations on what to run instead of those? Thanks.

That is correct. There is no cure-all for preventing malware. The best way to prevent becoming infected is by safe browsing.

I will provide my recommendations for how to prevent becoming re-infected in my all clean speech.

It looks like ComboFix was run on this computer.

I'd like to see that log file from it. It can be found at C:\ComboFix.txt
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    IE - HKU\S-1-5-21-796845957-706699826-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: 0
    FF - user.js..network.proxy.type: 0
    FF - user.js..network.proxy.http: ""
    FF - user.js..network.proxy.http_port: 
    FF - user.js..network.proxy.no_proxies_on: ""
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
    O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-796845957-706699826-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Reg Error: Key error.)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (Reg Error: Key error.)
    O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (Reg Error: Key error.)
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} https://gw.walmartbenefits.com/nortel_cacheable/iewiper.cab (Reg Error: Key error.)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (Reg Error: Key error.)
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37 (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/02/27 17:54:52 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Brian J. Hoag\*.tmp files -> C:\Documents and Settings\Brian J. Hoag\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
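
The OTL fix above clears leftover Firefox proxy preferences (network.proxy.type, network.proxy.http, network.proxy.http_port, network.proxy.no_proxies_on) from prefs.js and user.js. A defender checking a machine by hand can audit the same settings directly. The script below is an added example written for this page; it is not part of SweetTech's post, nor code from OTL or Mozilla. It assumes the standard Firefox preference file format (one `user_pref("name", value);` per line); the function names `parse_proxy_prefs` and `audit_proxy_prefs` and all sample preference contents are constructed for the example.

```python
import re

# Firefox writes one preference per line in prefs.js / user.js:
#   user_pref("name", value);
# Values are double-quoted strings, integers, or true/false.
# This pattern only captures the network.proxy.* family.
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.*?)\);\s*$')

# Meaning of network.proxy.type in Firefox:
#   0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect (WPAD), 5 = use system settings
PROXY_TYPE_NAMES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}


def parse_proxy_prefs(prefs_text):
    """Return {pref_name: value} for every network.proxy.* pref in prefs.js/user.js text."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            value = raw == "true"      # boolean pref
        else:
            try:
                value = int(raw)       # integer pref (ports, type)
            except ValueError:
                value = raw            # leave anything unexpected as-is
        prefs[name] = value
    return prefs


def audit_proxy_prefs(prefs_text):
    """Return a list of findings about settings that redirect browser traffic.

    An empty list means the profile connects directly or via system settings
    with nothing suspicious left behind.
    """
    prefs = parse_proxy_prefs(prefs_text)
    findings = []
    # Missing pref: treat as Firefox's default of 5 (use system proxy settings).
    ptype = prefs.get("network.proxy.type", 5)

    if ptype == 1:
        # Manual proxy: report every scheme that has both a host and a port set.
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}", "")
            port = prefs.get(f"network.proxy.{scheme}_port", 0)
            if host and port:
                findings.append(f"manual {scheme} proxy {host}:{port}")
    elif ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "")
        findings.append(f"PAC autoconfig URL: {url or '(empty)'}")
    elif ptype == 4:
        findings.append("WPAD auto-detect enabled")
    elif ptype == 0:
        # Direct connection, but a port left behind after the host was cleared
        # is the kind of residue the OTL fix removes; report it so it gets cleaned.
        for scheme in ("http", "ssl", "socks"):
            port = prefs.get(f"network.proxy.{scheme}_port")
            if port:
                findings.append(f"stale {scheme}_port {port} left behind with proxy type 0 (direct)")
    return findings


# Constructed sample: a profile redirected through a local proxy (not from the log above).
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# Constructed sample: host already cleared, port still present, direct connection.
STALE_PREFS = """\
user_pref("network.proxy.type", 0);
user_pref("network.proxy.http", "");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "");
"""

if __name__ == "__main__":
    for label, text in (("redirected", SAMPLE_PREFS), ("stale", STALE_PREFS)):
        print(label, audit_proxy_prefs(text) or "no findings")
```

Run it against a copy of the profile's prefs.js and user.js (user.js overrides prefs.js, so audit both). A manual proxy pointing at the local host or an unfamiliar address, or a PAC URL the user did not configure, is worth investigating; a stale port with type 0 does not redirect traffic but should still be cleared so it is not mistaken for a live setting later.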


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:08 PM

Posted 23 March 2011 - 11:03 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





