The first thing I ran was MalwareBytes and Hitman Pro.
Hitman Pro said I had C:\MBR TDSS Alureon Olmarik root kit virus.
I then ran Spybot, Stinger and some other rootkit removal programs.
TDSSkiller.exe, etc.
However, I am still having issues.
Stinger found artemis.
Spybot found avkill.
Removed them, booted into safe mode.
Ran MalwareBytes again, found 2 infections.
Removed them.
Ran Hitman Pro, removed Trojan temp.exe.
I was having an issue where every time I clicked my mouse, the Windows Installer would start. This is not happening in Safe Mode, but I have not rebooted back into normal mode yet.
So at this point, in safe mode, MalwareBytes is clean, Spybot is clean and Hitman Pro is clean.
Here are my OTL.exe logs:
OTL logfile created on: 9/9/2011 4:37:34 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\stat040\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
989.54 Mb Total Physical Memory | 301.84 Mb Available Physical Memory | 30.50% Memory free
2.33 Gb Paging File | 1.77 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 29.88 Gb Free Space | 20.06% Space Free | Partition Type: NTFS
Drive G: | 1019.80 Gb Total Space | 723.42 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
Drive H: | 1019.80 Gb Total Space | 723.42 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
Drive N: | 1019.80 Gb Total Space | 723.42 Gb Free Space | 70.94% Space Free | Partition Type: NTFS
Drive P: | 465.71 Gb Total Space | 409.48 Gb Free Space | 87.93% Space Free | Partition Type: NTFS
Computer Name: TONYNA-HUDGENS | User Name: tonyna | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/09 15:55:46 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stat040\Desktop\OTL.exe
PRC - [2011/03/10 14:01:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/10 14:01:22 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/10 03:12:46 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 03:10:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 03:10:40 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 03:10:30 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 03:08:50 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/10 03:07:13 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/30 03:07:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/11/18 17:18:32 | 000,005,120 | ---- | M] () -- C:\Program Files\RPost\RPostOffice\ManagedAggregator.dll
MOD - [2010/11/08 11:41:12 | 000,408,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2010/11/08 11:41:06 | 000,004,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2009/08/13 16:01:56 | 000,025,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
MOD - [2008/04/30 14:38:50 | 000,226,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\office.dll
MOD - [2008/02/27 02:09:16 | 002,560,000 | ---- | M] () -- C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll
MOD - [2008/02/27 02:04:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Nuance\PDF Professional 5\PDFCWordAddin.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (RSHUT Pro)
SRV - File not found [Auto | Stopped] -- -- (PRTG7ProbeService)
SRV - File not found [Auto | Stopped] -- -- (PRTG7CoreService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - [2011/09/07 16:07:59 | 006,394,688 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/03/10 14:01:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/10 14:01:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/10 14:01:24 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2011/03/10 14:01:24 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2011/03/10 14:01:22 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/02/08 10:59:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/02/27 02:21:48 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/09/20 18:10:02 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\stat040\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/23 04:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
========== Driver Services (SafeList) ==========
DRV - [2011/08/16 21:08:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/16 21:08:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110907.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/04 17:46:10 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/04 17:46:10 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/10 14:33:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/10 14:01:28 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/10 14:01:28 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/10 14:01:18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/22 20:17:34 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/22 20:17:34 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/07/15 00:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/06 12:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/24 20:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 19:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/07/06 06:33:04 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\stat040\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\stat040\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/12/28 17:51:41 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/09/08 10:07:19 | 000,439,179 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15113 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (UCSBrowserHelper Class) - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\system32\BhoUCS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files\Citrix\GoToAssist Express Expert\309\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\RunOnce: [asupdatebg.exe] G:\WINTAM\asupdatebg.exe ()
O4 - HKCU..\RunOnce: [Tucan] File not found
F3 - HKCU WinNT: Run - (C:\DOCUME~1\stat040\APPLIC~1\start.js) - C:\Documents and Settings\stat040\Application Data\start.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://au.appliedsys...yer/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1209578617383 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {77DAB859-DDE3-4C49-A86B-FAFEA51039FB} http://download.conn...ols/TUSched.dll (SchedulerConfig Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PALMETTOINSURANCE.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED907E71-5E5B-4C15-8468-5C138D0B875A}: DhcpNameServer = 192.168.1.202
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/03 08:42:02 | 000,050,592 | ---- | M] () - N:\Auto Parts Stretch Summary.pdf -- [ NTFS ]
O32 - AutoRun File - [2011/01/07 11:10:44 | 000,000,000 | ---D | M] - N:\Automation -- [ NTFS ]
O33 - MountPoints2\{1c053f99-05fd-11df-94b8-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe folder.htt 480 480
O33 - MountPoints2\{4781394b-a0c8-11df-adb2-001e4fb727c0}\Shell - "" = AutoRun
O33 - MountPoints2\{4781394b-a0c8-11df-adb2-001e4fb727c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4781394b-a0c8-11df-adb2-001e4fb727c0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{496d157b-19ea-11e0-adc4-001e4fb727c0}\Shell - "" = AutoRun
O33 - MountPoints2\{496d157b-19ea-11e0-adc4-001e4fb727c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{496d157b-19ea-11e0-adc4-001e4fb727c0}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{b352b8da-d2f7-11de-9392-001e4fb727c0}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/09 15:55:45 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\stat040\Desktop\OTL.exe
[2011/09/09 15:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/09 15:31:21 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/09/09 13:14:41 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\idahcgmuwaew.sys
[2011/09/09 13:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stat040\Pavark
[2011/09/09 12:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/09/09 12:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/09/08 10:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/09/08 10:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/07 09:44:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/29 09:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/25 14:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2011/08/25 14:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PRTG Network Monitor
[2011/08/25 14:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ABCpdf6
[2011/08/25 14:26:39 | 010,080,200 | ---- | C] (WebSupergoo) -- C:\WINDOWS\System32\ABCpdf6.dll
[2011/08/24 11:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disabled Startup
[2011/08/24 11:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow PowerPack 2011
[2011/08/24 11:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow PowerPack 2011
[2011/08/24 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stat040\Application Data\TweakNow PowerPack 2011
[2011/08/19 16:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stat040\My Documents\My Kindle Content
[2011/08/19 16:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stat040\Start Menu\Programs\Amazon
[2011/08/19 16:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stat040\Local Settings\Application Data\Amazon
[2011/08/19 16:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/08/19 11:44:20 | 000,000,000 | ---D | C] -- C:\WINTAM
[2010/03/08 18:26:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\stat040\Application Data\pcouffin.sys
[1998/08/24 09:31:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
========== Files - Modified Within 30 Days ==========
[2011/09/09 15:55:46 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stat040\Desktop\OTL.exe
[2011/09/09 15:31:21 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/09/09 15:31:21 | 000,000,602 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/09/09 15:31:21 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2011/09/09 15:30:46 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bgehe.sys
[2011/09/09 13:20:59 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/09/09 13:19:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 13:18:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/09 13:12:59 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\idahcgmuwaew.sys
[2011/09/09 13:11:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/09 13:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/09 13:05:18 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/09/09 12:46:39 | 000,039,884 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\test
[2011/09/09 12:46:39 | 000,039,884 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\start.js
[2011/09/09 10:24:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Disk.job
[2011/09/09 10:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Defrag.job
[2011/09/08 14:30:09 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/08 14:14:50 | 000,138,604 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\Eddie James.jpg
[2011/09/08 14:14:29 | 000,166,132 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\Eddie James.pdf
[2011/09/08 10:32:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 10:26:01 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\HijackThis.lnk
[2011/09/08 10:08:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/08 10:07:19 | 000,439,179 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/08 09:42:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\RshutPro.INI
[2011/09/07 16:10:50 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/09/07 15:43:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\426790193
[2011/09/07 15:29:53 | 000,007,904 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\1.js
[2011/09/07 15:19:15 | 007,911,991 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\Attachments_2011_09_7.zip
[2011/09/07 09:58:55 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/07 09:52:39 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\stat040\My Documents\Default.rdp
[2011/09/03 23:23:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/02 16:29:44 | 000,000,043 | ---- | M] () -- C:\WINDOWS\A_OWNERS.INI
[2011/08/31 10:08:06 | 004,718,646 | ---- | M] () -- C:\WINDOWS\PrintKey18.bmp
[2011/08/31 09:39:00 | 000,424,274 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\2011-08-30 15.09.09.jpg
[2011/08/29 09:47:40 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/25 14:27:09 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Quick Launch\PRTG Windows GUI.lnk
[2011/08/24 11:00:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
[2011/08/23 09:35:43 | 000,110,968 | ---- | M] () -- C:\Documents and Settings\stat040\g2ax_expert_downloadhelper_win32_x86.exe
[2011/08/19 16:01:50 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\stat040\Desktop\Kindle.lnk
[2011/08/12 09:16:44 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
========== Files Created - No Company Name ==========
[2011/09/09 15:31:21 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2011/09/09 15:30:46 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgehe.sys
[2011/09/08 15:17:39 | 000,039,884 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\test
[2011/09/08 14:30:09 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/08 14:14:49 | 000,138,604 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\Eddie James.jpg
[2011/09/08 14:14:29 | 000,166,132 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\Eddie James.pdf
[2011/09/08 10:26:00 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\HijackThis.lnk
[2011/09/08 09:37:16 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/09/07 15:30:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\426790193
[2011/09/07 15:29:53 | 000,039,884 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\start.js
[2011/09/07 15:29:53 | 000,007,904 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\1.js
[2011/09/07 15:19:01 | 007,911,991 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\Attachments_2011_09_7.zip
[2011/09/07 09:58:54 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\stat040\Start Menu\Programs\Internet Explorer.lnk
[2011/09/07 09:45:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/31 09:39:33 | 000,424,274 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\2011-08-30 15.09.09.jpg
[2011/08/29 09:47:40 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/25 14:27:09 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\Microsoft\Internet Explorer\Quick Launch\PRTG Windows GUI.lnk
[2011/08/24 11:00:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow PowerPack 2011.lnk
[2011/08/19 16:01:50 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\stat040\Desktop\Kindle.lnk
[2011/07/06 11:27:28 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/01 14:31:32 | 000,013,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PDOXUSRS.NET
[2011/01/19 11:21:43 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/01/07 12:41:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/06 17:20:59 | 000,001,096 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/12/14 11:11:28 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\stat040\Local Settings\Application Data\ie_runner_app.exe
[2010/10/27 14:40:12 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/04/30 15:50:39 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/04/30 15:50:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/04/30 15:49:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/04/30 15:49:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/04/30 15:49:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/04/30 15:46:47 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/04/30 14:20:43 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/30 14:20:42 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7840W.DAT
[2010/04/30 14:04:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\delexe.exe
[2010/04/29 16:35:34 | 000,000,307 | ---- | C] () -- C:\WINDOWS\007DVDCopy.INI
[2010/04/16 14:41:16 | 000,004,905 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2010/04/16 14:35:50 | 000,000,141 | ---- | C] () -- C:\WINDOWS\SetScan.ini
[2010/03/08 18:26:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\inst.exe
[2010/03/08 18:26:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\pcouffin.cat
[2010/03/08 18:26:23 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\stat040\Application Data\pcouffin.inf
[2009/09/18 10:03:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/08 10:32:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/04 15:50:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ASLotus.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/07 10:03:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Awshkwv.ini
[2009/02/04 15:29:07 | 000,157,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/27 23:30:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\RshutPro.INI
[2009/01/23 11:57:39 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\stat040\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 11:48:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2009/01/08 12:08:02 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/01/08 12:08:02 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/01/08 12:08:02 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2008/10/01 15:05:57 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/08/04 15:47:28 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/07/31 10:54:15 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/05/28 11:10:26 | 000,000,094 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2008/05/28 11:09:47 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2008/05/28 11:09:47 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiMResNT.dll
[2008/05/19 15:18:04 | 000,000,043 | ---- | C] () -- C:\WINDOWS\A_OWNERS.INI
[2008/04/30 16:05:03 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2008/04/30 16:04:53 | 000,000,259 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/04/30 13:58:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/25 08:40:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\stat040\Local Settings\Application Data\fusioncache.dat
[2008/04/18 08:30:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/18 08:28:25 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/18 08:28:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 08:11:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/04/18 08:09:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/18 08:09:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/04/18 08:09:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/04/18 08:09:28 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/04/18 08:09:28 | 000,197,655 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/04/18 08:09:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/18 08:09:28 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/04/18 08:09:26 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/04/18 08:08:17 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/28 06:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 04:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/01/17 03:10:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 001,171,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,446,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/26 10:44:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ASAPI.dll
[1999/09/22 14:03:54 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
========== LOP Check ==========
[2010/06/09 14:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy pro
[2010/05/13 15:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/09/24 15:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DietPower4.4
[2011/07/07 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/04 12:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MingSoft
[2010/12/10 14:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/31 14:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/08/25 14:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2008/05/23 16:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/04/30 15:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/09/08 09:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/30 10:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vso
[2010/04/29 10:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/07/31 14:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/03/18 10:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/11/26 10:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/03/30 22:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 09:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/28 13:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Applied Systems
[2011/08/29 09:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\BitTorrent
[2010/04/16 14:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Canon Electronics
[2010/03/17 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\CopyToDvd
[2010/04/29 16:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\DeepBurner
[2010/07/19 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\E-centives
[2010/03/24 09:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Facebook
[2010/05/12 09:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\FileZilla
[2010/04/29 09:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\GetRightToGo
[2011/01/07 12:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\iPodtoComputer
[2011/01/07 13:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Macroplant, LLC
[2009/04/03 14:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\NCH Swift Sound
[2011/05/05 10:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Notepad++
[2011/08/29 09:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\PriceGong
[2009/04/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Recordpad
[2011/09/09 08:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\RPost
[2010/12/22 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Scan2PDF
[2011/04/07 15:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\ScanSoft
[2008/12/03 16:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Snapfish
[2011/04/15 10:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\start
[2011/08/24 11:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\TweakNow PowerPack 2011
[2010/04/29 10:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Vso
[2008/09/18 10:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\webex
[2010/08/16 14:53:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\stat040\Application Data\wyUpdate AU
[2009/01/08 12:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Xilisoft Corporation
[2008/07/31 14:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stat040\Application Data\Zeon
[2011/09/09 10:24:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Disk.job
[2011/09/09 13:05:18 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/09/09 10:15:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Defrag.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC53BBE6
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
< End of report >