One of our employees downloaded a virus by way of an email attachment. Initially the virus launched multiple fake antivirus notices, "questionable" web sites, blocked internet explorer, blocked the installation of alternet antivirus applications, etc. Through a series of processes learned here at GeeksToGo (thank you!) I was finally able to install and run SuperAntiSpyware and MalwareBytes Anti-Malware. Several trojans and some malware/adware were removed--sorry, I did not copy down the names. Things seem to be better but since it was so hard to clean, I'm wondering if I got it all. Could someone take a look at the OTL log below and tell me if anything still looks suspicious?
Thank you so much for your time!
OTL logfile created on: 11/15/2010 2:30:23 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jhanson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 78.77 Gb Free Space | 70.47% Space Free | Partition Type: NTFS
Drive H: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive I: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive K: | 931.52 Gb Total Space | 649.65 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Computer Name: 57045265H | User Name: jhanson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
PRC - [2010/10/25 13:46:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/30 12:22:18 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2009/12/03 11:29:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/05/08 17:49:20 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2008/11/18 15:37:44 | 000,882,048 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2008/11/14 14:57:00 | 001,069,688 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2008/11/14 14:55:12 | 000,918,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2008/11/05 13:58:16 | 000,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2008/11/05 13:58:00 | 000,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/12/13 06:12:00 | 000,173,600 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2006/12/13 05:56:00 | 000,656,928 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2006/11/13 14:11:00 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/05/05 17:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/24 19:54:04 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/04/24 18:09:22 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/04/24 15:20:56 | 001,448,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
PRC - [2006/04/10 18:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/04/07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/04/07 16:37:32 | 001,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/03/23 13:17:42 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2006/01/27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2005/11/29 20:45:36 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
========== Modules (SafeList) ==========
MOD - [2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/09/30 12:22:18 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2009/12/03 11:29:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/14 14:57:00 | 001,069,688 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2008/11/14 14:55:12 | 000,918,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2008/11/05 13:58:16 | 000,677,128 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/11/05 13:58:00 | 000,492,888 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/11/13 14:11:00 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
========== Driver Services (SafeList) ==========
DRV - [2010/09/30 12:22:09 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/05 14:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys -- (VSApiNt)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/21 17:50:42 | 000,334,352 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/07/21 17:50:28 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 01:14:06 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2006/12/13 01:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/09/19 20:28:00 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/07/25 18:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/09 17:27:24 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/04/13 20:00:28 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/10 11:17:46 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/26 14:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/27 23:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fedscoop.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\jhanson\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\jhanson\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\crssr.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\crssr.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258654180562 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.23.150.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CWcentral.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/19 10:46:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/15 14:26:31 | 000,000,000 | R-SD | C] -- H:\OfflineSync\My Safe
[2010/11/15 14:05:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
[2010/11/15 13:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\Malwarebytes
[2010/11/15 13:23:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/15 13:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/15 13:23:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/15 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\SUPERAntiSpyware.com
[2010/11/15 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/15 10:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/12 12:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/12 12:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 11:26:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\install
[2010/10/21 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Local Settings\Application Data\Help
[2010/10/21 15:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jhanson\Application Data\Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 H:\OfflineSync\*.tmp files -> H:\OfflineSync\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/15 14:27:51 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2010/11/15 14:24:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 14:24:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1BDA0E8E-E8D9-4DAE-B888-E4EA19B5663F}.job
[2010/11/15 14:24:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 14:05:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jhanson\Desktop\OTL.exe
[2010/11/15 13:47:44 | 000,013,161 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/11/15 13:23:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 13:16:38 | 000,081,474 | -H-- | M] () -- C:\Documents and Settings\jhanson\Application Data\jhansonlog.dat
[2010/11/15 13:01:03 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/15 10:33:25 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 07:30:24 | 000,033,511 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\team_kristin_lg.jpg
[2010/11/12 07:26:49 | 000,024,032 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\team_dustee_lg.jpg
[2010/11/11 11:26:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jhanson\Application Data\chrtmp
[2010/11/10 10:36:13 | 000,031,081 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Jack Holt - AFCEA Bethesda Senior Government Executive Dinner.jpg
[2010/11/08 12:53:51 | 001,047,552 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Law Enforcement IT Spending Priorities 2010 - Kevin Plexico, INPUT.ppt
[2010/11/08 12:52:45 | 002,434,106 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Safeguarding the Nation through Secure IT Border Initiatives - Kirit Amin, DOS.pptx
[2010/11/07 12:53:11 | 000,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 12:53:10 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/04 16:27:09 | 000,015,060 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 9 Lines.xlsx
[2010/11/03 09:28:22 | 001,623,755 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Fusion_Center_Program_Overview 11032010--Final1.pptx
[2010/10/31 17:45:31 | 000,072,476 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Halloween.jpg
[2010/10/30 13:51:03 | 000,015,200 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8 REVISED.xlsx
[2010/10/30 13:48:15 | 000,015,198 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8.xlsx
[2010/10/26 07:26:04 | 000,099,580 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Hallway.jpg
[2010/10/26 07:23:10 | 000,041,176 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Registration.jpg
[2010/10/24 18:12:36 | 000,037,825 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Jules and James - ahhh.jpg
[2010/10/24 16:09:02 | 000,015,205 | ---- | M] () -- C:\Documents and Settings\jhanson\Desktop\Week 7 Lines - 2010 Pick 7.xlsx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 H:\OfflineSync\*.tmp files -> H:\OfflineSync\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/15 13:23:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 10:33:25 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/12 07:30:33 | 000,033,511 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\team_kristin_lg.jpg
[2010/11/12 07:26:59 | 000,024,032 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\team_dustee_lg.jpg
[2010/11/11 11:26:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jhanson\Application Data\chrtmp
[2010/11/10 10:40:13 | 000,031,081 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Jack Holt - AFCEA Bethesda Senior Government Executive Dinner.jpg
[2010/11/04 16:22:23 | 000,015,060 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 9 Lines.xlsx
[2010/11/03 10:52:29 | 001,623,755 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Fusion_Center_Program_Overview 11032010--Final1.pptx
[2010/11/03 10:48:23 | 001,047,552 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Law Enforcement IT Spending Priorities 2010 - Kevin Plexico, INPUT.ppt
[2010/11/02 21:29:54 | 002,434,106 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Safeguarding the Nation through Secure IT Border Initiatives - Kirit Amin, DOS.pptx
[2010/10/31 17:45:53 | 000,072,476 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Halloween.jpg
[2010/10/30 13:51:02 | 000,015,200 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8 REVISED.xlsx
[2010/10/30 13:48:14 | 000,015,198 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 8 Lines - 2010 Pick 8.xlsx
[2010/10/26 07:26:21 | 000,099,580 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Hallway.jpg
[2010/10/26 07:23:38 | 000,041,176 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Registration.jpg
[2010/10/24 18:12:55 | 000,037,825 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Jules and James - ahhh.jpg
[2010/10/21 13:10:22 | 000,015,205 | ---- | C] () -- C:\Documents and Settings\jhanson\Desktop\Week 7 Lines - 2010 Pick 7.xlsx
[2009/11/23 14:20:11 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\jhanson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/23 13:39:00 | 000,013,161 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/11/19 13:41:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/19 12:27:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/19 11:32:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/19 05:31:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/07 21:16:43 | 000,081,474 | -H-- | C] () -- C:\Documents and Settings\jhanson\Application Data\jhansonlog.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
========== LOP Check ==========
[2009/11/19 11:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009/11/23 13:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/11/15 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Dropbox
[2010/02/21 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Facebook
[2009/11/23 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Infineon
[2009/11/23 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Protector Suite
[2010/06/23 11:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\TechWizard
[2010/03/11 17:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/11/23 13:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Windows Desktop Search
[2010/03/04 07:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jhanson\Application Data\Windows Search
[2010/11/15 14:24:11 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1BDA0E8E-E8D9-4DAE-B888-E4EA19B5663F}.job
========== Purity Check ==========
< End of report >