otl.txt 2 of 3
O1 HOSTS File: ([2012/03/28 23:32:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [csapp5] C:\Program Files (x86)\Common Files\Microsoft Shared\IC\bin\rswp.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ping37w] C:\Program Files (x86)\Common Files\Microsoft Shared\pse7\rnappp7.exe ()
O4 - HKLM..\Run: [wmproc] C:\Program Files (x86)\Common Files\Microsoft Shared\IC\bin\WMPROC.exe ()
O4 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1002..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004..\Run: [Google Update] "C:\Users\brianm\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\brianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2835041227-4052452234-1243871708-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8F01E00-F9E1-4871-8C17-8101DB0B08A0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/03/28 23:49:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\brianm\Desktop\OTL.exe
[2012/03/28 23:38:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/28 23:09:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/28 23:09:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/28 23:09:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/28 23:09:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/28 23:09:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/28 23:09:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 23:08:01 | 004,448,457 | R--- | C] (Swearware) -- C:\Users\brianm\Desktop\ComboFix.exe
[2012/03/28 22:53:30 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\brianm\Desktop\FixTDSS.exe
[2012/03/28 22:07:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\brianm\Desktop\aswMBR.exe
[2012/03/28 21:05:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\brianm\Desktop\dds.scr
[2012/03/28 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Roaming\Malwarebytes
[2012/03/28 11:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/28 11:30:53 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\brianm\Desktop\TDSSKiller.exe
[2012/03/26 00:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/25 21:33:39 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Local\Google
[2012/03/25 21:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/25 21:33:36 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/25 21:33:33 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/24 13:44:58 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/03/13 17:28:00 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Local\Windows Live
[2012/03/12 13:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/03/12 13:39:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/03/12 13:18:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Dell
[2012/03/12 13:15:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Dell
[2012/03/10 20:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/03/10 20:53:01 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Roaming\PCDr
[2012/03/10 15:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QCM20QDriver
[2012/03/10 14:41:52 | 000,000,000 | ---D | C] -- C:\Users\brianm\Documents\Dell WebCam Central
[2012/03/10 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2012/03/10 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Local\Powercinema
[2012/03/10 14:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/03/10 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\brianm\AppData\Roaming\CyberLink
[2012/03/06 09:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/06 09:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/28 23:49:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\brianm\Desktop\OTL.exe
[2012/03/28 23:32:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/28 23:08:05 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\brianm\Desktop\ComboFix.exe
[2012/03/28 23:00:08 | 000,733,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/28 23:00:08 | 000,629,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/28 23:00:08 | 000,108,628 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/28 23:00:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 23:00:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 22:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/28 22:54:47 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 22:53:31 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\brianm\Desktop\FixTDSS.exe
[2012/03/28 22:36:31 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\brianm\Desktop\TDSSKiller.exe
[2012/03/28 22:36:25 | 002,048,299 | ---- | M] () -- C:\Users\brianm\Desktop\tdsskiller.zip
[2012/03/28 22:28:37 | 000,000,512 | ---- | M] () -- C:\Users\brianm\Desktop\MBR.dat
[2012/03/28 22:08:33 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\brianm\Desktop\boot_cleaner.exe
[2012/03/28 22:08:14 | 000,044,607 | ---- | M] () -- C:\Users\brianm\Desktop\bootkit_remover.zip
[2012/03/28 22:07:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\brianm\Desktop\aswMBR.exe
[2012/03/28 21:41:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/28 21:05:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\brianm\Desktop\dds.scr
[2012/03/28 21:00:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/28 20:57:35 | 000,302,592 | ---- | M] () -- C:\Users\brianm\Desktop\el3k621k.exe
[2012/03/28 12:00:26 | 000,001,137 | ---- | M] () -- C:\Users\brianm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/03/28 11:35:18 | 005,044,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/28 09:56:19 | 000,000,020 | ---- | M] () -- C:\Windows\xõt
[2012/03/27 09:38:23 | 000,007,603 | ---- | M] () -- C:\Users\brianm\AppData\Local\Resmon.ResmonCfg
[2012/03/26 09:24:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/26 09:24:07 | 000,748,098 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/26 03:50:05 | 000,014,058 | ---- | M] () -- C:\Users\brianm\Documents\cc_20120326_035000.reg
[2012/03/22 11:15:53 | 000,000,132 | ---- | M] () -- C:\Users\brianm\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/13 17:22:08 | 000,005,120 | ---- | M] () -- C:\Users\brianm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 13:54:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/08 17:33:07 | 004,129,035 | ---- | M] () -- C:\Users\brianm\Desktop\Brian 2012-03-08 13-37-53.tcx
[2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/28 23:09:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/28 23:09:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/28 23:09:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/28 23:09:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/28 23:09:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 22:36:22 | 002,048,299 | ---- | C] () -- C:\Users\brianm\Desktop\tdsskiller.zip
[2012/03/28 22:28:37 | 000,000,512 | ---- | C] () -- C:\Users\brianm\Desktop\MBR.dat
[2012/03/28 22:08:13 | 000,044,607 | ---- | C] () -- C:\Users\brianm\Desktop\bootkit_remover.zip
[2012/03/28 20:57:18 | 000,302,592 | ---- | C] () -- C:\Users\brianm\Desktop\el3k621k.exe
[2012/03/28 09:56:19 | 000,000,020 | ---- | C] () -- C:\Windows\xõt
[2012/03/26 09:24:14 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/26 09:24:05 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/26 03:50:03 | 000,014,058 | ---- | C] () -- C:\Users\brianm\Documents\cc_20120326_035000.reg
[2012/03/13 17:14:48 | 000,005,120 | ---- | C] () -- C:\Users\brianm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 13:39:20 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/12 13:39:18 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/08 17:33:07 | 004,129,035 | ---- | C] () -- C:\Users\brianm\Desktop\Brian 2012-03-08 13-37-53.tcx
[2012/02/07 11:24:02 | 000,000,022 | -HS- | C] () -- C:\Users\brianm\AppData\Roaming\Sys2662.Config.Repository.bin
[2012/02/07 10:49:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/07 10:49:43 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/04 11:44:25 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2012/01/04 11:44:25 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2012/01/04 11:44:25 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2012/01/04 11:44:25 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011/12/14 16:25:46 | 000,000,132 | ---- | C] () -- C:\Users\brianm\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/06 22:24:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/24 13:07:57 | 000,000,322 | ---- | C] () -- C:\Users\brianm\AppData\Local\netApps.info
[2011/09/20 16:36:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/20 11:12:18 | 000,000,149 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/08/14 18:01:21 | 000,220,252 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/23 14:54:32 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/03/30 13:01:49 | 000,748,098 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 16:53:51 | 000,007,603 | ---- | C] () -- C:\Users\brianm\AppData\Local\Resmon.ResmonCfg
[2011/03/24 18:08:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/24 18:08:17 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/05/27 16:52:00 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\lspent7c.dll
[2010/05/27 16:52:00 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\lspent7.dll
[2010/05/27 16:50:00 | 000,699,392 | ---- | C] () -- C:\Windows\lspent7y.dll
[2010/05/27 16:50:00 | 000,699,392 | ---- | C] () -- C:\Windows\lspent7x.dll
[2010/05/19 16:37:12 | 000,787,456 | R--- | C] () -- C:\Windows\ICUinstl64.exe
[2010/05/19 16:35:52 | 000,184,320 | R--- | C] () -- C:\Windows\ICUinstl.exe
========== LOP Check ==========
[2011/11/17 15:59:48 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\.chimera
[2011/11/06 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\.poweragent
[2011/11/17 16:15:25 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Advanced Chemistry Development
[2011/08/06 06:10:33 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Amazon
[2011/11/30 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/21 16:17:14 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\ChemAxon
[2011/10/24 13:23:19 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\CodonCode Aligner
[2011/12/06 13:15:38 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\com.trainerroad.desktop
[2012/01/13 14:10:11 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\CoreFTP
[2011/10/24 12:48:31 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\DB
[2011/10/27 12:52:08 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\DNA Baser
[2011/11/09 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Enthought
[2011/12/09 12:47:39 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Epson
[2011/04/29 14:25:03 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\GARMIN
[2012/01/13 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\IObit
[2011/09/20 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Leadertech
[2011/10/06 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\MEGA5_5110426
[2011/06/29 09:37:31 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\MySQL
[2011/05/04 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\OverDrive
[2012/03/10 20:53:07 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\PCDr
[2011/03/30 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Portable PuTTY
[2011/10/20 08:47:00 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\Resource Tuner
[2011/03/30 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\brianm\AppData\Roaming\WirelessManager
[2012/03/12 13:54:28 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/07 10:23:28 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/28 21:00:41 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/03/28 23:38:55 | 000,021,551 | ---- | M] () -- C:\ComboFix.txt
[2011/03/22 21:26:40 | 000,004,135 | RH-- | M] () -- C:\dell.sdr
[2011/03/04 22:42:34 | 000,094,500 | ---- | M] () -- C:\DownloadCenter.xml
[2011/03/24 15:42:14 | 000,001,159 | ---- | M] () -- C:\freefallprotection.log
[2012/02/11 11:05:02 | 000,004,542 | ---- | M] () -- C:\genespringGX_install_err.log
[2012/02/11 11:05:02 | 000,000,098 | ---- | M] () -- C:\genespringGX_install_out.log
[2012/03/28 22:54:47 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 11:21:54 | 000,002,157 | ---- | M] () -- C:\hotfix.txt
[2011/11/17 13:12:18 | 000,000,319 | ---- | M] () -- C:\io.mc
[2012/03/28 22:54:52 | 4183,994,367 | -HS- | M] () -- C:\pagefile.sys
[2011/02/06 22:19:32 | 000,007,264 | ---- | M] () -- C:\relocation.pl.bat
[2011/11/17 13:08:25 | 000,012,287 | ---- | M] () -- C:\strawberry-merge-module.reloc.txt
[2012/03/28 09:29:29 | 000,137,462 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_09.26.55_log.txt
[2012/03/28 22:53:45 | 000,137,072 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_22.36.40_log.txt
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2011/09/09 11:58:44 | 000,001,638 | -HS- | M] () -- C:\Users\brianm\AppData\Roaming\Microsoft\LastFlashConfig.wfc
< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/08 09:48:57 | 000,000,221 | -HS- | M] () -- C:\Users\brianm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/03/28 22:07:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\brianm\Desktop\aswMBR.exe
[2012/03/28 22:08:33 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\brianm\Desktop\boot_cleaner.exe
[2012/03/28 23:08:05 | 004,448,457 | R--- | M] (Swearware) -- C:\Users\brianm\Desktop\ComboFix.exe
[2012/03/28 20:57:35 | 000,302,592 | ---- | M] () -- C:\Users\brianm\Desktop\el3k621k.exe
[2012/03/28 22:53:31 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\brianm\Desktop\FixTDSS.exe
[2012/03/28 23:49:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\brianm\Desktop\OTL.exe
[2012/03/28 22:36:31 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\brianm\Desktop\TDSSKiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\tasks\*.* >
[2012/03/12 13:54:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/28 22:55:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/07 10:23:28 | 000,032,592 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/03/28 21:00:41 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >