Rootkit Removal Please help



#1
geogoon

So according to Hitman Pro I have 2 rootkits that I would really like to delete. The program "Eraser" isn't even able to delete the source file. When I start up in Safe Mode and run Hitman Pro I can delete the files, but when I return to Windows and run Hitman Pro they are back again. This tells me that they are infecting other files, which means that it is probably not as simple a fix as I had thought. I don't have any symptoms other than that Hitman Pro tells me they are there. I really don't want something hiding in my computer ravaging through information. Attached is the OTL log for you guys.

If you have any info for me lemme know.

Thanks
Pat


#2
geogoon

OTL logfile created on: 3/31/2011 4:44:46 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = Z:\Software\Anti Virus
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 16.41 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
Drive Z: | 2793.84 Gb Total Space | 891.87 Gb Free Space | 31.92% Space Free | Partition Type: NTFS

Computer Name: [bleep]OFF-PC | User Name: [bleep]OFF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 04:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- Z:\Software\Anti Virus\OTL.exe
PRC - [2011/03/31 04:35:45 | 000,016,384 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Xbox.360.live.code.generator.exe
PRC - [2011/03/26 23:37:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/25 02:54:33 | 000,888,832 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xbox.360.live.code.generator.exe
PRC - [2011/03/20 09:58:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/03/20 09:58:50 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- Z:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/09/15 21:39:24 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
PRC - [2010/07/01 05:45:02 | 000,136,616 | ---- | M] () -- Z:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2009/07/30 19:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 04:42:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- Z:\Software\Anti Virus\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/25 21:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/01 15:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/06 12:56:08 | 002,601,848 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2011/03/26 23:37:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- Z:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/01 05:45:02 | 000,136,616 | ---- | M] () [Auto | Running] -- Z:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/20 19:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/25 23:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 21:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/17 05:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/11/10 19:11:32 | 000,234,040 | R--- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 19:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009/02/17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2009/01/29 17:58:03 | 000,030,888 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/01/26 13:57:52 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/05/06 11:43:36 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/07/01 05:44:34 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- Z:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 43 81 D7 F2 54 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/15 23:31:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/15 23:31:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:09:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 13:52:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/03/20 09:58:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins

[2010/09/15 12:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Extensions
[2011/03/27 10:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Firefox\Profiles\ty2xw3o9.default\extensions
[2011/03/23 16:51:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Firefox\Profiles\ty2xw3o9.default\extensions\[email protected]
[2011/01/20 11:52:00 | 000,001,919 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Firefox\Profiles\ty2xw3o9.default\searchplugins\bing-zugo.xml
[2010/09/15 23:42:58 | 000,001,832 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Firefox\Profiles\ty2xw3o9.default\searchplugins\bing.xml
[2011/03/26 16:46:27 | 000,001,189 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Mozilla\Firefox\Profiles\ty2xw3o9.default\searchplugins\scroogle.xml
[2011/03/06 19:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/14 19:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/24 13:37:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 04:06:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\[bleep]OFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TY2XW3O9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/23 22:40:57 | 000,431,482 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Eraser] Z:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] Z:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [printers] C:\Users\[bleep]OFF\AppData\Roaming\WinDef.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Core Temp] C:\Program Files\CoreTemp\Core Temp.exe ()
O4 - HKCU..\Run: [printers] C:\Users\[bleep]OFF\AppData\Roaming\WinDef.exe ()
O4 - Startup: C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dllhost.dll ()
O4 - Startup: C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xbox.360.live.code.generator.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: printers = C:\Users\[bleep]OFF\AppData\Roaming\WinDef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf57eccc-2a5f-11e0-af0b-20cf3021420b}\Shell - "" = AutoRun
O33 - MountPoints2\{cf57eccc-2a5f-11e0-af0b-20cf3021420b}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 04:18:25 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\Eraser 6
[2011/03/31 02:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/03/31 02:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/03/31 02:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/30 03:29:24 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\jwalk_cache
[2011/03/28 21:04:25 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\{6425C812-5FB8-41CE-B15F-997F80150000}
[2011/03/26 23:37:02 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Roaming\PunkBuster
[2011/03/26 03:14:39 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Documents\DeductionPro
[2011/03/26 00:03:34 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\USGS Paperwork
[2011/03/26 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\Paper
[2011/03/25 14:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011/03/25 14:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF IFilter
[2011/03/25 13:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011/03/25 13:23:32 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Roaming\pdf995
[2011/03/25 13:11:25 | 000,320,512 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\pdfmona64.dll
[2011/03/25 13:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[2011/03/25 13:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995
[2011/03/25 13:11:25 | 000,000,000 | ---D | C] -- C:\pdf995
[2011/03/25 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxCut 2008
[2011/03/25 11:02:27 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Documents\TaxCut
[2011/03/25 08:28:30 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Roaming\TaxCut
[2011/03/25 08:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeductionPro 2009
[2011/03/25 08:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2009
[2011/03/25 08:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF995
[2011/03/25 08:26:26 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Documents\HRBlock
[2011/03/25 08:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TaxCut
[2011/03/25 04:20:07 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\Phone Pictures
[2011/03/24 22:50:51 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Documents\bitpim
[2011/03/24 22:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitPim
[2011/03/24 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\Roms-Emulators sized for Emailing
[2011/03/24 18:59:31 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\PCSX2 plugins
[2011/03/24 09:40:32 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\Desktop\PCSX2 bios
[2011/03/24 09:37:48 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\PCSX2
[2011/03/24 09:36:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/03/24 09:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2011/03/09 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\id Software
[2011/03/09 16:52:26 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/03/09 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/03/05 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
[2011/03/03 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\AOL
[2011/03/03 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Local\AIM
[2011/03/03 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\[bleep]OFF\AppData\Roaming\acccore
[2011/03/03 22:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/03/03 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/03/03 22:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/03/03 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/03/03 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\[bleep]OFF\Desktop\*.tmp files -> C:\Users\[bleep]OFF\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/31 04:42:46 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 04:42:46 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 04:39:54 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/31 04:39:54 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/31 04:39:54 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/31 04:36:46 | 000,074,975 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\data.dat
[2011/03/31 04:35:55 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/31 04:35:45 | 000,016,384 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Xbox.360.live.code.generator.exe
[2011/03/31 04:35:45 | 000,016,384 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\WinDef.exe
[2011/03/31 04:35:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/31 04:35:37 | 2133,921,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 04:29:15 | 000,000,166 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2011/03/31 04:23:46 | 000,002,680 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2011/03/31 03:49:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-727743233-1957652227-2396796851-1000UA.job
[2011/03/31 03:49:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-727743233-1957652227-2396796851-1000Core.job
[2011/03/31 03:25:15 | 000,001,557 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/03/31 03:24:04 | 000,000,149 | -HS- | M] () -- C:\Windows\E88D4.exe
[2011/03/31 02:50:07 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/27 10:17:42 | 000,013,824 | -H-- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dllhost.dll
[2011/03/27 10:17:39 | 000,417,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/26 23:37:04 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/26 23:37:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/25 18:53:40 | 003,000,619 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\Allwardt 07 curvature sheep mtn.pdf
[2011/03/25 18:04:54 | 000,436,361 | ---- | M] () -- C:\Users\[bleep]OFF\Documents\Advising Report.pdf
[2011/03/25 14:24:36 | 000,067,751 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\HRBlock taxes 2009 to be filed.pdf
[2011/03/25 14:23:50 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2011/03/25 14:08:42 | 000,000,827 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\Foxit PDF Editor.lnk
[2011/03/25 13:53:34 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/03/25 13:23:32 | 000,000,028 | ---- | M] () -- C:\Windows\pdf995.ini
[2011/03/25 13:21:37 | 000,047,616 | ---- | M] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/25 11:02:44 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block TaxCut 2008.lnk
[2011/03/25 08:27:17 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\DeductionPro 2009.lnk
[2011/03/25 02:54:33 | 000,888,832 | ---- | M] () -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xbox.360.live.code.generator.exe
[2011/03/24 16:57:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/24 10:55:46 | 000,000,747 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\pcsx2-r3878 - Shortcut.lnk
[2011/03/24 09:36:38 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 0.9.7 (r3878).lnk
[2011/03/23 22:40:57 | 000,431,482 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/05 19:33:02 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/03 22:34:02 | 000,000,358 | -H-- | M] () -- C:\IPH.PH
[2011/03/03 22:33:48 | 000,001,933 | ---- | M] () -- C:\Users\[bleep]OFF\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/03/03 22:33:48 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/03/02 17:26:42 | 000,207,684 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\188532 - RMA.pdf
[2011/03/02 13:30:30 | 000,394,856 | ---- | M] () -- C:\Users\[bleep]OFF\Desktop\PPC RMA.PDF
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\[bleep]OFF\Desktop\*.tmp files -> C:\Users\[bleep]OFF\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 04:35:45 | 000,016,384 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Roaming\Xbox.360.live.code.generator.exe
[2011/03/31 04:35:45 | 000,016,384 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Roaming\WinDef.exe
[2011/03/31 04:29:15 | 000,000,166 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011/03/31 04:23:46 | 000,002,680 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2011/03/31 03:25:15 | 000,001,557 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011/03/31 03:25:15 | 000,001,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011/03/31 03:08:16 | 000,000,149 | -HS- | C] () -- C:\Windows\E88D4.exe
[2011/03/31 02:17:10 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/31 02:17:09 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/03/27 10:17:42 | 000,013,824 | -H-- | C] () -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dllhost.dll
[2011/03/26 23:37:04 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/26 23:37:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/26 00:03:35 | 000,067,751 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\HRBlock taxes 2009 to be filed.pdf
[2011/03/26 00:03:34 | 003,000,619 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\Allwardt 07 curvature sheep mtn.pdf
[2011/03/25 18:04:53 | 000,436,361 | ---- | C] () -- C:\Users\[bleep]OFF\Documents\Advising Report.pdf
[2011/03/25 14:04:44 | 000,000,827 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\Foxit PDF Editor.lnk
[2011/03/25 13:53:34 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/03/25 13:23:32 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/03/25 13:11:25 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/25 13:11:25 | 000,047,616 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64.dll
[2011/03/25 13:11:25 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64ui.dll
[2011/03/25 13:11:25 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/03/25 11:02:44 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block TaxCut 2008.lnk
[2011/03/25 08:27:17 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\DeductionPro 2009.lnk
[2011/03/25 02:55:18 | 000,074,975 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Roaming\data.dat
[2011/03/25 02:54:47 | 000,888,832 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xbox.360.live.code.generator.exe
[2011/03/24 16:57:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/24 10:55:48 | 000,000,747 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\pcsx2-r3878 - Shortcut.lnk
[2011/03/24 09:36:38 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 0.9.7 (r3878).lnk
[2011/03/05 19:33:02 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/05 19:33:02 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/03 22:33:48 | 000,001,933 | ---- | C] () -- C:\Users\[bleep]OFF\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/03/03 22:33:48 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/03/03 22:33:35 | 000,000,358 | -H-- | C] () -- C:\IPH.PH
[2011/03/02 17:26:41 | 000,207,684 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\188532 - RMA.pdf
[2011/03/02 13:30:30 | 000,394,856 | ---- | C] () -- C:\Users\[bleep]OFF\Desktop\PPC RMA.PDF
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011/02/25 03:59:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011/01/26 11:11:15 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.dll
[2010/11/13 15:50:01 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2010/11/13 06:42:20 | 000,005,120 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 03:19:08 | 000,000,095 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Local\fusioncache.dat
[2010/10/09 14:48:52 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/09 14:46:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/17 14:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/17 13:26:50 | 000,007,602 | ---- | C] () -- C:\Users\[bleep]OFF\AppData\Local\resmon.resmoncfg
[2010/09/17 12:10:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/17 11:57:58 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/09/17 11:57:58 | 000,001,574 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/09/15 12:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/15 11:32:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/09/24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== LOP Check ==========

[2011/03/03 22:34:10 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\acccore
[2010/10/13 08:53:59 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\Astroburn Pro
[2011/02/21 01:01:40 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\Bioshock
[2011/03/31 03:05:01 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\BitTorrent
[2011/03/31 04:35:44 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\DNA
[2010/09/21 23:17:57 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\Foxit
[2010/12/16 08:44:50 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\GameRanger
[2011/01/26 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\HorizonWimba
[2010/12/27 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\MAXON
[2011/03/25 13:23:32 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\pdf995
[2011/03/26 23:37:02 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\PunkBuster
[2010/11/05 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\SecondLife
[2011/03/25 14:20:37 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\TaxCut
[2010/09/17 12:57:01 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\Ubisoft
[2010/09/21 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\[bleep]OFF\AppData\Roaming\Win7codecs
[2011/02/26 14:00:50 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >