Windows XP SP3 - System Checker Infection



#1
cramit02

Afternoon, Geekstogo. I recently went to a friend's house to look into a "full crash" of sorts to find that his machine was infected with System Checker. All of his desktop icons were missing, Start Menu was empty, various "Your hard drive is corrupt"-like symptoms, etc. I restarted the machine in safe mode, hooked up my external drive, loaded TDSSKiller, MBAM, and SUPERAntiSpyware onto his machine (ran in the same order). The internet connection was still intact so updates went well. I got it operational but have yet to go back. I brought the external back to my own laptop and hooked it up only to notice that all of my folder icons had gone from full view to the Cut or Hidden Folder opacity; they're just barely visible. All of my files are still accessible but they all look like they're about to be cut or hidden. I ran MBAM, no results; ran SUPERAntiSpyware, no results. I believe that I've been at least partially infected by something that was lingering on the originally infected computer.

Any and all help would be greatly appreciated as I'd like to get my peace of mind back re: the integrity of the files and the external HDD before taking it back to work and hooking it up only to infect our office network.

Thanks,

Ted


Attached is the OTL Log:

OTL logfile created on: 3/12/2012 2:35:02 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\tgransbury\Desktop\GoFlex_Backup\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 71.07% Memory free
5.29 Gb Paging File | 4.43 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 151.67 Gb Free Space | 65.13% Space Free | Partition Type: NTFS

Computer Name: INDY-TGRANSBYLT | User Name: tgransbury | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 14:34:02 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tgransbury\Desktop\GoFlex_Backup\Utilities\OTL.exe
PRC - [2012/03/12 09:36:46 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/03/08 12:49:26 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/03/07 13:19:58 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2012/02/28 09:53:19 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2012/02/28 09:53:18 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/20 18:39:54 | 000,224,920 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/02/07 19:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/02/07 16:06:02 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/02/07 13:57:14 | 000,182,784 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\SyncService.exe
PRC - [2012/01/31 22:30:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/01/31 22:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/12/16 15:35:42 | 005,881,952 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/12/16 15:33:14 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/12/16 15:33:08 | 000,812,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/12/16 15:32:04 | 005,953,992 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/08/24 11:00:42 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe
PRC - [2011/08/24 11:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/04 18:48:12 | 000,488,816 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/12/10 16:03:48 | 000,143,696 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe
PRC - [2010/11/09 07:55:18 | 000,054,640 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/07/06 23:59:22 | 000,054,744 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 00:17:06 | 000,054,640 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/10 00:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/10 00:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/02/05 17:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/07/07 03:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/01/13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/11 17:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/11/11 17:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 11:48:51 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/12 11:48:47 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/09 10:56:55 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/09 10:56:55 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/06 18:22:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 18:39:54 | 000,224,920 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2012/02/17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/02/07 13:57:14 | 000,182,784 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\SyncService.exe
MOD - [2011/12/19 11:23:49 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2011/12/19 11:23:45 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2011/12/16 15:37:58 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011/12/16 15:02:14 | 000,435,552 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2011/08/24 10:59:24 | 000,135,168 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\LogParser.dll
MOD - [2011/08/24 10:59:18 | 000,131,072 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\KEventLog.dll
MOD - [2011/08/24 10:58:24 | 000,131,072 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\KAgentExt.dll
MOD - [2011/08/23 17:32:42 | 000,446,464 | ---- | M] () -- C:\Program Files\Kaseya\MNDSHF73467808252560\libkacm.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2009/01/13 12:29:00 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/08 12:49:26 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/03/07 13:19:58 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2012/02/20 18:39:54 | 000,224,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/02/07 19:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/02/07 13:57:14 | 000,182,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012/01/31 22:30:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/01/31 22:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/12/16 15:35:42 | 005,881,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/12/16 15:33:08 | 000,812,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/24 11:00:04 | 000,851,968 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files\Kaseya\MNDSHF73467808252560\AgentMon.exe -- (KAMNDSHF73467808252560)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/12/15 15:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/12/10 16:03:48 | 000,143,696 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/10 00:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/01/11 15:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/01/13 12:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/11 17:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/11/11 17:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/08 12:49:27 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/03/08 12:49:23 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2012/03/08 12:49:22 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2012/03/08 12:49:19 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr)
DRV - [2012/03/08 12:49:18 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV - [2012/03/08 12:49:15 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2012/03/08 12:49:12 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltsrv.sys -- (fltsrv)
DRV - [2012/02/20 18:40:08 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2012/02/07 19:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/01/31 22:30:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/19 11:23:49 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011/06/23 12:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2011/01/05 21:42:14 | 000,284,792 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/12/15 15:38:14 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/12/15 15:38:12 | 000,022,656 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2010/12/15 15:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 15:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/12/10 17:04:32 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWRmNet_001.sys -- (NWRmNet_001)
DRV - [2010/12/10 17:04:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/10 17:04:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2_001.sys -- (NWUSBPort2_001)
DRV - [2010/12/10 17:04:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser_001.sys -- (NWUSBPort_001)
DRV - [2010/12/10 17:04:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm_001.sys -- (NWUSBModem_001)
DRV - [2010/07/19 18:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 18:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 18:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/04/14 21:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2010/03/10 00:56:02 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/01/11 15:11:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/04/21 23:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/04/08 11:32:50 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/01/13 12:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/11 17:32:10 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/11/11 17:32:08 | 000,035,880 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/11/11 17:32:08 | 000,012,840 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ccidflt.sys -- (CCIDFILTER)
DRV - [2008/08/28 18:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/06/03 18:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/13 02:01:00 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/04 13:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/01/07 21:57:44 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE D8 74 C2 76 E6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Documents and Settings\tgransbury\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 13:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/28 09:53:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 10:57:49 | 000,000,000 | ---D | M]

[2012/02/22 10:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tgransbury\Application Data\Mozilla\Extensions
[2012/03/07 09:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 09:53:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\tgransbury\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\tgransbury\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\tgransbury\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\tgransbury\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/03 15:42:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [KASHMNDSHF73467808252560] C:\Program Files\Kaseya\MNDSHF73467808252560\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\tgransbury\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: triangleservices.com ([eams] http in Trusted sites)
O15 - HKCU\..Trusted Domains: triangleservices.com ([owa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: triangleservices.com ([treseam02] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1320450557250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://kaseya.minds...c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} https://kaseya.minds...uginManager.cab (PluginManager Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.47.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = triangleservices.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D13D3262-4164-4181-A992-F5B8CF3F1532}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.47.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE4BACAC-AF12-48A6-BBD0-F9E18FA020C5}: DhcpNameServer = 192.168.47.41 10.1.0.238 65.24.0.168
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/04 18:47:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/12 18:49:16 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 10:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Desktop\GoFlex_Backup
[2012/03/09 14:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/03/09 14:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/03/09 13:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Desktop\sandbox_temp
[2012/03/09 13:22:30 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/03/09 13:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/03/09 13:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/03/09 11:05:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tgransbury\Recent
[2012/03/09 10:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\SUPERAntiSpyware.com
[2012/03/09 10:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/09 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/09 10:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/08 13:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2012/03/08 12:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/03/08 12:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/03/08 12:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/03/08 12:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Acronis
[2012/03/08 12:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/03/08 12:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
[2012/03/08 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/03/07 11:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\TuneUp Software
[2012/03/07 11:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/03/07 11:17:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/07 10:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2012/03/07 10:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012/03/07 10:15:59 | 000,135,168 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\KaseyaSP.dll
[2012/03/07 10:15:59 | 000,017,920 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KAPFA.sys
[2012/03/07 10:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaseya
[2012/03/07 09:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 09:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/06 18:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\OpenOffice.org
[2012/03/06 18:22:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2012/03/06 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/03/06 18:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/03/06 18:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Sun
[2012/03/06 14:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
[2012/03/05 15:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Desktop\Jud Work
[2012/03/05 13:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/03/05 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/03/05 10:35:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/03 16:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/03 15:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/03/02 17:55:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/02 17:54:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/02 17:54:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/02 17:54:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/02 17:54:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/02 17:53:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/02 17:52:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/02 17:52:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tgransbury\Start Menu\Programs\Administrative Tools
[2012/02/29 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/29 20:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Start Menu\Programs\Revo Uninstaller
[2012/02/28 09:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/28 09:53:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/02/28 09:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/02/28 09:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/02/28 09:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2012/02/28 09:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Real
[2012/02/26 12:08:26 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2012/02/26 11:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Start Menu\Programs\WinRAR
[2012/02/26 11:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\WinRAR
[2012/02/26 11:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/02/26 11:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/02/22 17:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2012/02/22 17:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Sprint
[2012/02/22 17:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Kaseya
[2012/02/22 16:58:08 | 000,017,920 | ---- | C] (Sierra Wireless America, Inc.) -- C:\WINDOWS\System32\apintfnt.dll
[2012/02/22 16:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Sierra Wireless
[2012/02/22 16:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Desktop\Aircard Apps
[2012/02/22 16:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint
[2012/02/22 16:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless
[2012/02/22 16:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint
[2012/02/22 16:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2012/02/22 16:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\TeamViewer
[2012/02/22 16:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\temp
[2012/02/22 10:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\My Documents\Downloads
[2012/02/22 10:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\Mozilla
[2012/02/22 10:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Mozilla
[2012/02/22 10:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/22 10:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Verizon Wireless
[2012/02/21 16:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Corel
[2012/02/21 16:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2012/02/21 16:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\Ulead Systems
[2012/02/21 16:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\My Documents\Corel PaintShop Pro
[2012/02/21 16:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\Corel PaintShop Pro
[2012/02/21 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/02/21 16:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2012/02/21 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel PaintShop Pro X4
[2012/02/21 16:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/02/21 16:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Desktop\TG
[2012/02/21 11:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Infor EAM
[2012/02/21 11:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/02/20 18:40:18 | 000,012,952 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/02/20 18:40:08 | 000,016,024 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/02/20 18:40:00 | 000,047,256 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[2012/02/16 16:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Application Data\PrimoPDF
[2012/02/16 15:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrimoPDF
[2012/02/16 15:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012/02/12 23:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Alarm Clock
[2012/02/12 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm Clock
[2012/02/12 18:49:16 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2012/02/11 19:20:29 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/02/11 19:20:28 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/02/11 19:20:28 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/02/11 19:20:26 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/02/11 19:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/02/11 19:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\Deployment
[2012/02/11 18:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\LogMeIn
[2012/02/11 18:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/02/11 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/02/11 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Start Menu\Programs\Hulu Desktop
[2012/02/11 15:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\HuluDesktop

========== Files - Modified Within 30 Days ==========

[2012/03/12 14:41:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 14:39:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F6AD0D9E-F8D2-47C1-B982-4BC46297BB86}.job
[2012/03/12 14:38:37 | 000,019,696 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2012/03/12 14:21:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580818891-682003330-1003UA.job
[2012/03/12 11:52:26 | 000,494,748 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 11:52:26 | 000,090,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/12 11:51:11 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\tgransbury\Desktop\Excel.lnk
[2012/03/12 11:48:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/03/12 11:48:18 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/12 11:48:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1292428093-839522115-14837.job
[2012/03/12 11:48:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 11:48:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 11:47:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 11:45:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 11:12:28 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/09 17:52:02 | 000,001,606 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/09 13:20:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\tgransbury\Desktop\Sandboxed Web Browser.lnk
[2012/03/09 13:20:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/07 22:21:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580818891-682003330-1003Core.job
[2012/03/07 10:24:45 | 000,001,593 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2012/03/07 10:23:37 | 000,001,593 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2012/03/07 09:44:57 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 18:23:33 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\tgransbury\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/03/05 12:12:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/03 15:42:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/28 09:54:28 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1292428093-839522115-14837.job
[2012/02/28 09:53:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/02/23 10:33:42 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\tgransbury\Desktop\Outlook.lnk
[2012/02/22 10:57:50 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/22 10:57:50 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2012/02/20 18:40:18 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/02/20 18:40:08 | 000,016,024 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/02/20 18:40:00 | 000,047,256 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[2012/02/17 19:04:16 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/16 15:43:23 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2012/02/16 15:43:18 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2012/02/13 11:58:24 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\tgransbury\Desktop\GoFlex.lnk
[2012/02/11 19:20:26 | 000,001,024 | ---- | M] () -- C:\.rnd

========== Files Created - No Company Name ==========

[2012/03/12 11:12:15 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\tgransbury\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 11:10:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/09 13:22:07 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\tgransbury\Desktop\Sandboxed Web Browser.lnk
[2012/03/09 13:22:07 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/09 13:22:05 | 000,001,606 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/07 10:24:23 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/03/07 10:22:32 | 000,001,593 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2012/03/06 18:23:33 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\tgransbury\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/03/02 17:55:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/02 17:55:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/02 17:54:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/02 17:54:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/02 17:54:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/02 17:54:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/02 17:54:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/28 09:54:27 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1292428093-839522115-14837.job
[2012/02/28 09:54:27 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1292428093-839522115-14837.job
[2012/02/22 10:57:50 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/22 10:57:50 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/22 10:57:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2012/02/17 20:33:07 | 000,318,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/17 19:04:16 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\tgransbury\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/16 15:43:23 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2012/02/16 15:43:19 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/02/15 11:13:04 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\tgransbury\Desktop\Excel.lnk
[2012/02/13 11:58:30 | 000,000,366 | ---- | C] () -- C:\Documents and Settings\tgransbury\Desktop\GoFlex.lnk
[2012/02/11 19:20:23 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/02/11 19:20:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/02/08 11:36:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\tgransbury\Application Data\$_hpcst$.hpc
[2011/12/19 16:37:31 | 000,019,696 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2011/12/19 13:06:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/19 11:30:19 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2011/12/19 11:12:49 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2011/12/19 10:25:34 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/12/19 10:25:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/12/19 10:25:34 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/11/04 19:35:22 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/11/04 19:35:22 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/11/04 19:35:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/11/04 19:35:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/11/04 18:49:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/04 18:45:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/04 13:41:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/04 13:40:30 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== LOP Check ==========

[2012/03/08 12:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/03/12 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/03/08 13:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2012/02/22 16:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2012/02/09 18:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/03/07 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/01/20 13:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/03/07 11:17:13 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/08 13:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Acronis
[2012/02/22 17:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Kaseya
[2012/03/06 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\OpenOffice.org
[2012/03/09 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\PrimoPDF
[2012/02/22 16:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Sierra Wireless
[2012/02/22 17:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Sprint
[2012/02/10 12:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Sync App Settings
[2012/02/22 16:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\TeamViewer
[2012/03/07 11:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\TuneUp Software
[2012/02/21 16:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tgransbury\Application Data\Ulead Systems
[2012/03/12 14:39:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F6AD0D9E-F8D2-47C1-B982-4BC46297BB86}.job

========== Purity Check ==========



< End of report >