Troj_zac, IE search hijacked, possible rootkit

Do you recognize this file?

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

I do not. I tried to find it on my hard drive but couldnt.

Alright, here is the logs!

ComboFix 12-04-18.01 - matt.thomas 04/18/2012 11:13:10.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1029 [GMT -4:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
file zipped: c:\documents and settings\matt.thomas\Application Data\668F75
file zipped: c:\documents and settings\matt.thomas\Application Data\datafile
file zipped: c:\documents and settings\matt.thomas\Application Data\mcs.rma
file zipped: c:\windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\matt.thomas\Application Data\668F75
c:\documents and settings\matt.thomas\Application Data\datafile
c:\documents and settings\matt.thomas\Application Data\mcs.rma
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-15 14:21 . 2012-04-15 14:21 -------- d-----w- C:\_OTL
2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 03:48 . 2012-04-09 17:43 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-05 00:38 . 2012-04-05 00:38 -------- d-----w- c:\program files\Common Files\Skype
2012-03-31 12:11 . 2012-04-14 17:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\b90779d6e7bb1c16de8c
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\06f8874658948246fc0a81a1039476
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 17:47 . 2011-06-10 03:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 03:45 . 2008-11-26 23:32 11264 ----a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56 . 2011-01-06 18:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-13_20.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-18 15:25 . 2012-04-18 15:25 16384 c:\windows\temp\Perflib_Perfdata_2b4.dat
+ 2012-04-18 15:25 . 2007-03-29 12:10 214712 c:\windows\temp\AX5874.EXE
+ 2012-04-14 17:47 . 2012-04-14 17:47 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-14 16:47 . 2012-04-14 16:47 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-04-14 16:47 . 2012-04-14 16:47 424608 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
+ 2012-03-31 12:11 . 2012-04-14 17:47 253088 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-18 14:06 . 2012-04-18 14:06 814080 c:\windows\Installer\96ffdac.msi
+ 2012-04-14 17:47 . 2012-04-14 17:47 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 4:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 4:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 3:03 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 2:26 PM 654408]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 11:44 AM 31232]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 2:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 2:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 4:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 2:26 PM 22344]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 8:11 AM 253088]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MATT~1.THO\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MATT~1.THO\LOCALS~1\Temp\CFcatchme.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:47]
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-03-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-04-17 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2012-04-17 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 208.98.64.26
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1296)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1356)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(2084)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\TEMP\AX5874.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-18 11:40:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 15:39
ComboFix2.txt 2012-04-14 16:07
ComboFix3.txt 2012-04-13 20:47
ComboFix4.txt 2012-04-11 11:51
ComboFix5.txt 2012-04-18 15:10
.
Pre-Run: 6,721,273,856 bytes free
Post-Run: 6,842,773,504 bytes free
.
- - End Of File - - 72A5A824949660BCB8CC62665EA9F7F4
Upload was successful




OTL logfile created on: 4/17/2012 5:24:34 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\matt.thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.49% Memory free
3.84 Gb Paging File | 1.83 Gb Available in Paging File | 47.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 6.35 Gb Free Space | 8.53% Space Free | Partition Type: NTFS

Computer Name: MDS0083 | User Name: matt.thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 10:18:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/07/22 12:21:25 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 11:58:44 | 000,079,136 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\OmniPageSE4\OpWareSE4.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 06:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 04:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/08 02:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 02:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2005/01/06 04:16:24 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/08/20 17:15:48 | 000,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:39:28 | 001,310,752 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2011/08/30 14:25:44 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\ViewerPS.dll
MOD - [2010/03/12 17:21:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
MOD - [2007/03/29 08:09:20 | 000,108,232 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\WerAgent.dll
MOD - [2007/03/16 05:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/14 13:47:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/26 18:15:42 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 23:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 14:50:08 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/03/26 23:02:00 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_630_14121.sys -- (NEOFLTR_630_14121) Juniper Networks TDI Filter Driver (NEOFLTR_630_14121)
DRV - [2008/10/20 11:52:54 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2007/03/16 05:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/28 17:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/28 04:23:32 | 000,165,888 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/04/06 19:46:50 | 000,034,240 | R--- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/25 16:40:44 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/26 10:22:38 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/22 15:29:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\matt.thomas\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\matt.thomas\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:36:33 | 000,000,000 | ---D | M]

[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions
[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/06 00:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions
[2009/09/04 20:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/29 01:17:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/26 20:34:24 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2012/04/11 07:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 00:10:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/11 00:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/09/11 17:19:08 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2010/09/11 17:19:09 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2009/08/01 18:46:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/14 11:56:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\Nuance\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010..\Run: [SUPERAntiSpyware] C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..Trusted Domains: listen.com ([www] http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.2.2.12:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://asp21.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} https://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://michiganheart.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA15BD-EB5C-43E6-9329-76F2C740173D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL) - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 21:03:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk - C:\Program Files\Nuance\PaperPort\xdcla.exe - (Nuance Communications, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Acrobat Speed Launch - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: FJTWAIN Setup - hkey= - key= - C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe (FUJITSU LIMITED)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Starfield\StarfieldUpdate.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 10:21:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 10:18:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/14 15:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/14 11:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/13 16:24:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/10 13:09:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/10 13:09:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/10 13:09:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/10 13:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 13:07:02 | 004,455,337 | R--- | C] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\ComboFix.exe
[2012/04/10 08:47:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/06 13:39:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/06 00:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\matt.thomas\Recent
[2012/04/04 20:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/04 20:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/31 08:11:40 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 07:55:57 | 000,000,000 | ---D | C] -- C:\b90779d6e7bb1c16de8c
[2012/03/31 07:55:23 | 000,000,000 | ---D | C] -- C:\06f8874658948246fc0a81a1039476

========== Files - Modified Within 30 Days ==========

[2012/04/17 17:34:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
[2012/04/17 16:40:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/17 15:56:04 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/17 14:28:50 | 000,001,892 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\My Documents\Default.rdp
[2012/04/17 13:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/17 13:26:11 | 001,386,054 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\ATT07217.bmp
[2012/04/16 20:20:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/16 14:08:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 14:07:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 14:07:00 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/15 10:19:38 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/15 10:18:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/14 13:47:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 13:47:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/14 11:56:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/13 11:28:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/12 10:07:49 | 000,515,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 10:07:49 | 000,098,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 10:00:14 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 20:34:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 13:06:58 | 004,455,337 | R--- | M] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\ComboFix.exe
[2012/04/10 08:51:54 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/10 08:51:54 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/09 13:43:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/07 23:45:54 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/06 15:08:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/05 23:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 19:32:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/05 19:21:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 23:13:30 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/04/01 20:40:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
[2012/04/01 20:40:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
[2012/03/30 13:15:05 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Adobe Acrobat 8 Standard.lnk
[2012/03/27 19:57:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY3A733072K3.job
[2012/03/27 19:44:10 | 000,052,218 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/21 18:13:38 | 000,046,249 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:26:47 | 000,044,458 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:07 | 000,046,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/03/18 23:43:19 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/17 13:29:30 | 001,386,054 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\ATT07217.bmp
[2012/04/16 14:18:52 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/15 10:19:39 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/13 11:28:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/11 20:34:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 13:09:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/10 13:09:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 13:09:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/10 13:09:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/10 13:09:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/10 08:51:54 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/10 08:48:26 | 2136,965,120 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 23:07:30 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/05 23:48:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 23:48:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/05 19:21:36 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/05 19:21:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/03 23:12:32 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/03/31 08:11:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/27 19:44:51 | 000,052,218 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/21 18:14:14 | 000,046,249 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:27:02 | 000,044,458 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:31 | 000,046,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/02/15 10:43:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/05 19:51:38 | 001,101,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." >
[2010/08/12 10:31:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2079403$
[2010/08/12 10:32:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2115168$
[2010/09/16 07:49:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2121546$
[2010/09/16 07:43:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2141007$
[2010/09/29 14:33:11 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2158563$
[2010/08/12 10:21:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2160329$
[2010/07/15 09:51:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2229593$
[2010/09/16 07:50:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2259922$
[2010/10/14 11:51:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2279986$
[2010/08/04 10:20:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2286198$
[2010/10/14 11:51:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2296011$
[2010/12/16 12:24:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2296199$
[2010/10/14 11:51:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2345886$
[2010/09/16 07:49:32 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2347290$
[2010/10/14 11:35:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2360937$
[2010/10/14 11:51:23 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2378111_WM9$
[2010/10/14 11:52:11 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2387149$
[2011/02/10 12:19:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2393802$
[2011/04/18 10:03:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2412687$
[2011/01/12 16:17:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2419632$
[2010/12/16 12:13:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2423089$
[2010/12/16 12:22:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2436673$
[2010/12/16 12:22:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2440591$
[2010/12/16 12:24:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2443105$
[2010/12/16 12:22:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2443685$
[2010/12/16 12:17:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2447961_WM9L$
[2010/12/16 12:21:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2467659$
[2011/06/17 20:38:57 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2476490$
[2011/02/10 12:22:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2476687$
[2011/02/10 12:19:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2478960$
[2011/02/10 12:27:43 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2478971$
[2011/02/10 12:27:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2479628$
[2011/03/10 09:49:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2479943$
[2011/03/10 09:45:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2481109$
[2011/02/10 12:26:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2483185$
[2011/02/10 12:27:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2485376$
[2011/04/18 10:06:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2485663$
[2011/04/18 10:07:50 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2491683$
[2011/04/18 09:58:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2503658$
[2011/06/17 20:38:46 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2503665$
[2011/04/18 09:53:46 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2506212$
[2011/04/18 10:06:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2506223$
[2011/04/18 09:56:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2507618$
[2011/07/14 10:56:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2507938$
[2011/04/18 09:59:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2508272$
[2011/04/18 09:56:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2508429$
[2011/04/18 09:47:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2509553$
[2011/04/18 09:56:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2511455$
[2011/03/25 16:54:12 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2524375$
[2011/06/17 20:38:37 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2535512$
[2011/06/17 20:37:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2536276$
[2011/08/11 08:56:37 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2536276-v2$
[2011/06/30 11:44:38 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2541763$
[2011/06/17 20:36:33 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2544893$
[2011/11/10 09:54:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2544893-v2$
[2011/07/14 10:48:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2555917$
[2011/08/11 08:50:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2562937$
[2011/10/13 11:23:38 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2564958$
[2011/08/11 08:50:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2566454$
[2011/10/13 11:12:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2567053$
[2011/08/11 08:57:43 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2567680$
[2011/08/11 08:56:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2570222$
[2011/08/25 09:14:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2570791$
[2011/09/15 09:47:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2570947$
[2012/01/12 09:41:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2584146$
[2012/01/13 12:07:19 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2585542$
[2011/10/13 11:12:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2592799$
[2012/01/12 09:45:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2598479$
[2012/01/12 09:42:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2603381$
[2011/09/08 09:42:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2607712$
[2011/09/15 09:54:26 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2616676$
[2011/12/16 10:52:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2618451$
[2011/12/16 10:52:43 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2619339$
[2011/12/16 10:50:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2620712$
[2012/03/15 07:59:37 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2621440$
[2011/12/16 11:00:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2624667$
[2012/01/12 09:51:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2631813$
[2011/12/16 10:50:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2633171$
[2011/12/16 10:52:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2633952$
[2011/12/16 11:00:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2639417$
[2012/03/15 08:04:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2641653$
[2011/11/12 23:51:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2641690$
[2012/01/12 09:51:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2646524$
[2012/03/15 07:59:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2647518$
[2012/04/12 09:59:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2653956$
[2012/02/16 09:27:32 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2660465$
[2012/02/16 09:24:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2661637$
[2007/12/08 18:40:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB835221WXP$
[2008/02/05 12:47:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB885836$
[2008/02/05 12:36:46 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB886185$
[2008/02/05 12:37:02 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB888302$
[2008/02/05 12:35:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB890859$
[2008/02/05 12:46:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB893756$
[2008/02/05 12:35:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB894391$
[2008/02/05 12:35:58 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB896428$
[2008/01/31 11:41:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB898461$
[2008/02/05 12:47:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB899587$
[2008/02/05 12:46:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB900485$
[2008/02/05 12:36:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB900725$
[2008/02/05 12:47:11 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB901017$
[2008/02/05 12:39:01 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB902400$
[2008/09/21 19:27:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB904942$
[2008/02/05 12:37:26 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB905414$
[2008/02/05 12:36:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB905749$
[2008/05/18 10:03:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB909394$
[2008/02/05 12:39:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB910437$
[2008/02/05 12:46:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB911280$
[2008/02/05 12:47:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB911927$
[2008/02/05 12:36:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB913580$
[2008/02/05 12:35:39 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB914389$
[2008/09/21 19:27:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB914440$
[2010/04/09 11:26:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB915800-v4$
[2008/09/21 19:29:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB915865$
[2008/02/05 12:36:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB916595$
[2008/02/05 12:37:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB920872$
[2008/02/05 12:37:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB922582$
[2008/02/05 12:47:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB922819$
[2009/09/03 19:32:25 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB923561$
[2009/06/29 15:08:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB923561_0$
[2008/02/05 12:47:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB923723$
[2008/05/22 09:34:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB926239$
[2008/02/05 12:47:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB927779$
[2008/02/05 12:46:27 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB927891$
[2008/05/22 09:38:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB929399$
[2008/02/05 12:36:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB930916$
[2007/12/08 18:39:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB931784$
[2008/09/23 06:51:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB932823-v3$
[2008/02/05 12:47:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB933729$
[2008/02/05 12:46:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB936357$
[2008/08/05 08:52:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB936782_WMP11$
[2008/02/05 12:47:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB937894$
[2009/09/03 19:32:33 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB938464$
[2009/09/04 08:39:04 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB938464-v2$
[2008/09/11 09:09:57 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB938464_0$
[2008/08/05 08:52:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB939683$
[2010/04/09 11:26:39 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB940157$
[2008/02/05 12:37:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB941202$
[2008/02/05 12:37:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB941568$
[2008/02/05 12:37:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB941569$
[2008/02/05 12:46:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB941644$
[2008/04/11 04:26:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB941693$
[2011/11/29 15:08:39 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB942288-v3$
[2008/02/05 12:36:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB942615$
[2008/02/05 12:37:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB942763$
[2008/02/05 12:47:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB942840$
[2008/02/13 10:30:12 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB943055$
[2008/02/05 12:47:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB943460$
[2008/02/05 12:36:50 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB943485$
[2008/04/11 04:25:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB944338$
[2008/02/13 10:30:26 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB944533$
[2008/02/05 12:35:32 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB944653$
[2008/04/11 04:25:27 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB945553$
[2008/02/13 10:31:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB946026$
[2009/09/03 19:32:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB946648$
[2008/08/14 08:53:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB946648_0$
[2008/04/11 04:27:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB947864$
[2008/04/11 04:26:47 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB948590$
[2008/04/11 04:28:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB948881$
[2008/05/15 07:34:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950749$
[2008/06/12 09:01:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950759$
[2008/06/12 09:01:26 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950760$
[2009/09/03 19:32:51 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950762$
[2008/06/12 09:01:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950762_0$
[2009/09/03 19:32:57 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950974$
[2008/08/14 08:52:47 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB950974_0$
[2009/09/03 19:33:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951066$
[2008/08/14 08:51:32 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951066_0$
[2008/08/14 08:51:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951072-v2$
[2009/09/03 19:33:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951376$
[2009/09/03 19:33:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951376-v2$
[2008/06/20 15:23:12 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951376-v2_0$
[2008/06/12 09:01:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951376_0$
[2009/09/03 19:33:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951698$
[2008/06/12 09:02:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951698_0$
[2009/09/03 19:33:38 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951748$
[2008/07/09 16:25:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951748_0$
[2009/09/04 08:45:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB951978$
[2009/09/03 19:33:46 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952004$
[2009/06/29 15:12:58 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952004_0$
[2009/04/13 10:44:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952069_WM9$
[2009/09/03 19:33:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952287$
[2008/08/14 08:51:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952287_0$
[2009/09/03 19:34:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952954$
[2008/08/14 08:53:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB952954_0$
[2008/08/14 08:51:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB953838$
[2008/08/14 08:53:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB953839$
[2008/09/11 09:08:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954154_WM11$
[2011/12/11 01:21:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954155_WM9$
[2008/11/09 10:50:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954156_WM9L$
[2009/09/03 19:34:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954211$
[2008/10/16 09:51:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954211_0$
[2009/09/04 08:44:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954459$
[2009/09/03 19:34:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954600$
[2009/01/28 18:00:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB954600_0$
[2009/09/03 19:34:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB955069$
[2008/11/13 11:11:37 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB955069_0$
[2010/01/14 07:49:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB955759$
[2009/01/28 18:01:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB955839$
[2008/10/16 09:52:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956391$
[2009/09/03 19:34:43 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956572$
[2009/06/29 15:13:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956572_0$
[2009/09/04 08:44:33 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956744$
[2009/09/03 19:34:58 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956802$
[2009/01/28 18:00:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956802_0$
[2009/09/03 19:35:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956803$
[2008/10/16 09:52:25 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956803_0$
[2009/09/03 19:35:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956841$
[2008/10/16 09:50:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956841_0$
[2012/04/06 14:58:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB956844$
[2009/09/03 19:35:23 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB957095$
[2008/10/16 09:52:09 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB957095_0$
[2009/09/03 19:35:30 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB957097$
[2008/11/13 11:11:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB957097_0$
[2009/09/03 17:37:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958470$
[2009/09/03 19:35:38 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958644$
[2008/10/25 15:02:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958644_0$
[2009/09/03 19:35:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958687$
[2009/04/13 10:43:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958687_0$
[2009/09/03 19:35:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958690$
[2009/04/13 10:37:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958690_0$
[2009/10/16 11:47:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB958869$
[2009/09/03 19:36:02 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB959426$
[2009/06/29 15:16:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB959426_0$
[2009/04/13 10:36:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB959772_WM11$
[2009/09/03 19:36:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960225$
[2009/04/13 10:44:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960225_0$
[2009/04/13 10:43:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960715$
[2009/09/03 19:36:20 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960803$
[2009/06/29 15:09:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960803_0$
[2009/09/03 19:36:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960859$
[2009/09/03 18:51:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB960859_0$
[2009/09/04 08:44:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961118$
[2009/09/03 19:36:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961371-v2$
[2009/09/03 18:51:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961371-v2_0$
[2009/09/03 19:36:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961373$
[2009/06/29 15:15:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961373_0$
[2009/09/03 19:36:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961501$
[2009/06/29 15:13:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961501_0$
[2010/10/06 09:35:34 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB961503$
[2010/04/11 14:39:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB963093$
[2009/09/03 19:37:00 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB967715$
[2009/04/13 10:37:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB967715_0$
[2009/09/03 19:37:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB968389$
[2009/09/03 17:36:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB968389_0$
[2009/09/03 19:37:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB968537$
[2009/06/29 15:09:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB968537_0$
[2009/09/10 08:47:57 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB968816_WM9$
[2009/10/16 11:43:40 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB969059$
[2009/06/29 15:12:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB969898$
[2009/11/13 11:06:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB969947$
[2009/09/03 19:37:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB970238$
[2009/06/29 15:09:27 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB970238_0$
[2009/12/11 12:19:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB970430$
[2009/09/03 17:36:30 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB970653-v3$
[2011/02/24 11:38:04 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971029$
[2009/09/03 17:36:43 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971032$
[2010/02/11 10:17:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971468$
[2009/10/16 11:38:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971486$
[2009/09/03 19:37:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971557$
[2009/09/03 18:49:50 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971557_0$
[2009/09/03 19:37:50 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971633$
[2009/09/03 18:34:54 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971633_0$
[2009/09/03 19:37:58 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971657$
[2009/09/03 18:50:04 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971657_0$
[2009/12/11 12:15:25 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB971737$
[2010/01/14 07:49:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB972270$
[2009/09/03 18:49:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973346$
[2009/09/03 19:38:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973354$
[2009/09/03 17:40:44 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973354_0$
[2009/09/03 19:38:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973507$
[2009/09/03 18:33:42 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973507_0$
[2009/10/16 11:38:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973525$
[2009/09/03 18:34:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973540_WM9L$
[2009/11/26 10:44:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973687$
[2009/09/03 19:38:23 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973815$
[2009/09/03 17:36:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973815_0$
[2009/09/03 19:38:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973869$
[2009/09/03 18:34:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973869_0$
[2009/12/11 12:17:25 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB973904$
[2009/10/16 11:43:26 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB974112$
[2009/12/11 12:19:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB974318$
[2009/12/11 12:16:25 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB974392$
[2009/10/16 11:43:09 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB974571$
[2009/10/16 11:43:18 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975025$
[2009/10/16 11:36:46 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975467$
[2010/09/16 07:50:14 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975558_WM8$
[2010/02/11 10:14:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975560$
[2010/03/12 08:18:55 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975561$
[2010/06/10 09:57:35 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975562$
[2010/02/11 10:14:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB975713$
[2009/11/26 10:44:41 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB976098-v2$
[2010/02/11 10:11:29 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB977165$
[2010/04/15 09:36:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB977816$
[2010/02/11 10:12:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB977914$
[2010/02/11 10:14:31 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978037$
[2010/02/11 10:14:11 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978251$
[2010/02/11 10:17:38 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978262$
[2010/04/15 09:37:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978338$
[2010/05/13 09:33:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978542$
[2010/04/15 09:36:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978601$
[2010/06/10 10:00:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978695_WM9$
[2010/02/11 10:11:56 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB978706$
[2010/02/24 11:17:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979306$
[2010/04/15 09:34:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979309$
[2010/06/10 09:41:12 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979332_WM9L$
[2010/06/10 09:58:28 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979482$
[2010/06/10 10:05:50 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979559$
[2012/04/06 00:42:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979683$
[2010/10/14 11:49:52 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB979687$
[2010/06/10 10:11:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB980195$
[2010/06/10 10:11:39 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB980218$
[2010/04/15 09:40:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB980232$
[2010/08/12 10:21:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB980436$
[2010/09/16 07:48:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB981322$
[2010/05/26 09:48:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB981793$
[2010/08/12 10:31:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB981852$
[2010/10/14 11:36:15 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB981957$
[2010/08/12 10:14:23 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB981997$
[2010/10/14 11:50:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB982132$
[2010/08/12 10:32:19 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB982214$
[2010/08/12 10:13:45 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB982665$
[2010/09/16 07:49:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB982802$

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >
[2008/06/10 09:54:41 | 011,132,416 | ---- | M] () -- C:\vpnclient-win-msi-5.0.03.0530-k9.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NEC Usb3 /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NECUsb3s /s >

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe:SummaryInformation

< End of report >

Hi Matt!

I'll address that file in a little bit.

Do you recall installing SUPERAntiSpyware? I ask because I'm seeing references to it in your logs, and it looks like it's been saved to a different file location.

It looks like you ran a new OTL scan, rather than the OTL fix.

Please run this OTL fix below:

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  

  :Services
  :Processes
  KILLALLPROCESSES
  :OTL
  O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
  PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
  [2011/12/11 00:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
  File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
  [2012/04/05 23:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
  [2012/04/05 23:48:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
  [2012/04/05 19:32:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
  [2012/04/05 19:21:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
  [2012/04/05 19:21:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
  [2012/04/03 23:13:30 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
  [2012/04/01 20:40:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
  [2012/04/01 20:40:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
  [2012/04/05 23:48:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
  [2012/04/05 23:48:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
  [2012/04/05 19:21:36 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
  [2012/04/05 19:21:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
  [2012/04/05 19:21:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
  [2012/04/03 23:12:32 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
  :Files
  c:\windows\temp\AX5874.EXE
  :Commands
  [EMPTYTEMP]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



VirSCAN Suspicious File Upload
I need to get more information on a file... please perform the following:

Note: Internet Explorer should be used... for best results.

• Please go to VirSCAN.org... a free on-line file scanning service.
• Copy / paste the complete path and file name (below) into the "Suspicious files to scan" box... at the top of the page.
  
  c:\windows\Installer\96ffdac.msi
  
  
• Click on the Upload button. Once the file is uploaded, the scanning process will begin.
• Once the Scan completes... (scroll down) click on the "Copy to Clipboard" button.
• Open Notepad... then paste (Ctrl &V) the contents of the Clipboard into the open Notepad window.
• Save the Notepad file as "VirScan.txt"... save it to your desktop.
• Paste the contents of the VirScan.txt file, in your next reply.

Do you recall installing SUPERAntiSpyware? I ask because I'm seeing references to it in your logs, and it looks like it's been saved to a different file location.

It looks like you ran a new OTL scan, rather than the OTL fix.

I installed SUPERAntiSpyware a long time ago but rarely ever use it. Other than moving the shortcut off the desktop, I have not messed with it.

Yeah, I realize now I ran the scan instead of the fix. Sorry about that. The Fix is below.

One more thing, I copied the path and filename you listed and, when I went to the Virscan website, it would not let me right click and paste, nor could I Ctrl-V it in there either. So, it gave me the option to BROWSE and select the file but the folder named "Intsaller" was not there. I did a search in My Computer for that file name and it did not find it. Any ideas?


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg not found.
No active process named YEF909.EXE was found!
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr not found.
File C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q not found.
File C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5 not found.
File C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r not found.
File C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk not found.
File C:\Documents and Settings\matt.thomas\Application Data\datafile not found.
File C:\Documents and Settings\matt.thomas\Application Data\mcs.rma not found.
File C:\Documents and Settings\matt.thomas\Application Data\668F75 not found.
File C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr not found.
File C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q not found.
File C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r not found.
File C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk not found.
File C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5 not found.
File C:\Documents and Settings\matt.thomas\Application Data\datafile not found.
========== FILES ==========
File\Folder c:\windows\temp\AX5874.EXE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: charlene.oldeck
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: CHARLE~1~OLD

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: matt.thomas
->Temp folder emptied: 534971 bytes
->Temporary Internet Files folder emptied: 20524892 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 236036 bytes

Total Files Cleaned = 21.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04192012_123300

Files\Folders moved on Reboot...
C:\Documents and Settings\matt.thomas\Local Settings\Temp\ExchangePerflog_8484fa316e17d908e17e9d2b.dat moved successfully.
File\Folder C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{4549264E-9B33-4266-B4EF-34040E6C8834}.tmp not found!
File\Folder C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{7BB85CCA-544F-4FAF-A40F-25F2A129ECAC}.tmp not found!
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{8042C005-9D8B-4095-BA93-A3FC4A54531F}.tmp moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{B8443063-AE05-4C42-AA64-4B0F32637558}.tmp moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{B8A9F6D5-4863-49A9-8B00-88F2DAEEA496}.tmp moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.Word\~WRS{FD76823D-7214-45AE-95D2-737878596300}.tmp moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\XMTNMTRI\12[1].htm moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\XMTNMTRI\ai[3].htm moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\W198CKOP\page__st__30[1].htm moved successfully.
C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\73CMAVHE\facebook_com[1].txt moved successfully.

Registry entries deleted on Reboot...

"Intsaller"

Sorry. "Installer". I cant freakin spell- haha

Hi Matt!

I installed SUPERAntiSpyware a long time ago but rarely ever use it. Other than moving the shortcut off the desktop, I have not messed with it.

Okay, thanks for that information.

One more thing, I copied the path and filename you listed and, when I went to the Virscan website, it would not let me right click and paste, nor could I Ctrl-V it in there either. So, it gave me the option to BROWSE and select the file but the folder named "Intsaller" was not there. I did a search in My Computer for that file name and it did not find it. Any ideas?

Lets try seeing if changing these settings below allows you to browse to that location using VirScan.

Please Set Your System to Show Hidden Files

• Go to Start -> My Computer (Or click the My Computer icon on your desktop)
• Go to the Tools Menu -> Folder Options.
• Select the "View" tab.
• Where you see , click the radio button.
• Uncheck "Hide extensions for known file types"
• Uncheck "Hide protected operating system files"
• Click Ok.
• Exit/Close My Computer.

Let me know if you're able to browse to that folder and find that file in question.

Please also be sure to let me know what issues your experiencing in your next reply.

~ST.

Hey ST!

I followed the instructions and was able to find the "Installer" folder. However, I did not see the actual file in there. I attached a screenshot to show you what I was seeing. Could it have been deleted in any of the scans we did?

The laptop seems to be running relatively smooth again. Every once in a while it will bog down and for about 10 minutes or so, the available memory useage will be 50%+. Not sure if I remember it doing that before. Do you see other garbage in there that could tie it up like that? I have 5-6 years of heavy usage on the laptop so who knows exactly what is in there.

Thanks!

Matt

Hi Matt!

I followed the instructions and was able to find the "Installer" folder. However, I did not see the actual file in there. I attached a screenshot to show you what I was seeing. Could it have been deleted in any of the scans we did?

When you get to the step where you're looking for the file to upload can you try copy/pasting the name of the file into the window, and try and see if it'll open for you that way?

96ffdac.msi

Do you see other garbage in there that could tie it up like that? I have 5-6 years of heavy usage on the laptop so who knows exactly what is in there.

I do see that you have quite a few programs set to start-up at boot up.

You may want to consider disabling some of these.

See this utility below:

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.


NEXT:


You may also find this information helpful: http://www.bleepingcomputer.com/forums/topic87058.html


Let me know if you're able to locate the file the way mentioned above.

~ST.

Well, I tried to do what you asked and it says that file does not exist. I did a search for that file on my HD and it turned up nothing too. VirSCAN.org wont let me type or paste anything in the "Suspicious Files to Scan:" box at the top. I HAVE to use the browse button. Anything else I can try?

Thanks for the Star Up Lite utility. I'll definitely check that out.

Matt

Hi Matt!

I'm not going to have you worry about that file. If you can't find it, then it's not there anymore, so no need to do anything with that file.

Your logs look good, so I'm going to clean up my tools now.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  

  :Commands
  [ClearAllRestorePoints]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.

NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

• Reopen on your desktop.
• Click on
• You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
  
• Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
• You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
  
  
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates

• Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for Chrome and Opera.
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Ok, I have done all of the above and things seem good. The last log is copied below. SweetTech, thanks a TON for all your help!!

Matt


========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04252012_122843

Argh.

So, I am pretty sure there is still something infecting my computer. I downloaded Opera and was fiddling around with it. Then I tried to open my Outlook to check email and it loaded but it said "offline". There is no way I can get online. Well, my Trend Micro popped up and said it got the Troj_zac, which is the same thing it was picking up before you and I met. It pops up every 10 minutes or so with the same virus.

I updated and ran a quick scan with Malwarebytes and it found nothing. Outlook was fine yesterday so I know whatever this is is affecting my ability to log in.

Help! and thanks,

Matt

Hi Matt!

Sorry to hear you're still experiencing some issues.

Take a look at this link here: http://davidschrag.com/schlog/303/how-to-get-outlook-out-of-work-offline-mode and see if that gets you out of working in Offline mode.

Does Trend Micro provide you with any details on where the threat is located at? If so, could you please provide me with the location?

Thanks,
ST.

Hey ST,

I was able to capture a screenshot of where TM was/is picking up the virus. TM does not let me print a log, per se, so I had to printscreen it. Attached is the log.

The link did not help my situation with Outlook. I'm almost certain that if we can clean up this virus, it'll start working normally. This issue immediately started when TM picked up the virus.

Anyway, I await your instruction!

Matt

Hi Matt!

Okay, that's interesting, it looks like the infection is back.

Run these scans for me:

Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply





NEXT:


OTL Custom Scan

We need to create a new OTL Report

• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Underneath Extra Registry select the Use Safelist option.
• In the box Cope & Paste the following:
  

  msconfig
  safebootminimal
  activex
  drivers32
  netsvcs
  "%WinDir%\$NtUninstallKB*$." /30
  C:\Program Files\Common Files\ComObjects\*.* /s
  %systemroot%\*. /mp /s
  %systemroot%\*. /rp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\drivers\*.sys /90
  %SYSTEMDRIVE%\*.exe
  /md5start
  volsnap.sys
  atapi.sys
  explorer.exe
  winlogon.exe
  wininit.exe
  afd.sys
  netbt.sys
  tdx.sys
  /md5stop
  

• Push the button.
• One report will open, copy and paste it in a reply here:
• OTL.txt <-- Will be opened

Ok, here are the requested logs!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 09:19:37
-----------------------------
09:19:37.062 OS Version: Windows 5.1.2600 Service Pack 3
09:19:37.062 Number of processors: 2 586 0xF0D
09:19:37.062 ComputerName: MDS0083 UserName:
09:19:38.265 Initialize success
09:33:51.000 AVAST engine defs: 12042600
09:57:33.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:57:33.734 Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
09:57:33.765 Disk 0 MBR read successfully
09:57:33.765 Disk 0 MBR scan
09:57:33.812 Disk 0 Windows XP default MBR code
09:57:33.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
09:57:33.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
09:57:33.828 Disk 0 scanning sectors +156296385
09:57:33.921 Disk 0 scanning C:\WINDOWS\system32\drivers
09:57:50.328 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-D [Rtk]
09:58:03.218 Disk 0 trace - called modules:
09:58:03.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a2aefd0]<<
09:58:03.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac55ab8]
09:58:03.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a9ad950]
09:58:03.250 \Driver\00000942[0x8a9ada78] -> IRP_MJ_CREATE -> 0x8a2aefd0
09:58:04.078 AVAST engine scan C:\WINDOWS
09:58:42.000 AVAST engine scan C:\WINDOWS\system32
10:04:44.203 AVAST engine scan C:\WINDOWS\system32\drivers
10:05:00.156 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-D [Rtk]
10:05:19.203 AVAST engine scan C:\Documents and Settings\matt.thomas
10:45:18.593 AVAST engine scan C:\Documents and Settings\All Users
10:49:39.468 Scan finished successfully
10:53:43.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\MBR.dat"
10:53:43.875 The log file has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\aswMBR.txt"




OTL logfile created on: 4/26/2012 10:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\matt.thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.09% Memory free
3.84 Gb Paging File | 2.98 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 6.07 Gb Free Space | 8.16% Space Free | Partition Type: NTFS

Computer Name: MDS0083 | User Name: matt.thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 09:03:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
PRC - [2012/04/25 12:46:12 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 11:58:44 | 000,079,136 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\OmniPageSE4\OpWareSE4.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\AT901E.EXE
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 06:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 04:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/08 02:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 02:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2005/01/06 04:16:24 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/08/20 17:15:48 | 000,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/25 10:14:02 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/25 12:46:20 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/04/25 12:46:20 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/04/25 12:46:20 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/04/25 12:46:20 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/04/25 12:46:20 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/04/25 12:46:19 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012/04/25 12:46:19 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/04/25 12:46:19 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/04/25 12:46:19 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/04/25 12:46:19 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/04/25 12:46:19 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/04/25 12:46:19 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/04/25 12:46:19 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\AT901E.EXE
MOD - [2007/03/29 08:09:20 | 000,108,232 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\WerAgent.dll
MOD - [2007/03/16 05:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/14 13:47:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/26 18:15:42 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 23:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MATT~1.THO\LOCALS~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MATT~1.THO\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 14:50:08 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/07/15 09:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/03/26 23:02:00 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_630_14121.sys -- (NEOFLTR_630_14121) Juniper Networks TDI Filter Driver (NEOFLTR_630_14121)
DRV - [2008/10/20 11:52:54 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2007/03/16 05:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/28 17:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/28 04:23:32 | 000,165,888 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/04/06 19:46:50 | 000,034,240 | R--- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/25 16:40:44 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/26 10:22:38 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/22 15:29:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\matt.thomas\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\matt.thomas\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/23 14:23:53 | 000,000,000 | ---D | M]

[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions
[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/06 00:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions
[2009/09/04 20:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/29 01:17:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/26 20:34:24 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2012/04/19 14:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 00:10:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/11 17:19:08 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2010/09/11 17:19:09 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2009/08/01 18:46:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\Nuance\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010..\Run: [SUPERAntiSpyware] C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DCERegBootClean] C:\WINDOWS\RegBootClean.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..Trusted Domains: listen.com ([www] http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.2.2.12:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://asp21.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} https://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://michiganheart.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.98.64.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA15BD-EB5C-43E6-9329-76F2C740173D}: DhcpNameServer = 208.98.64.26
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL) - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 21:03:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk - C:\Program Files\Nuance\PaperPort\xdcla.exe - (Nuance Communications, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Acrobat Speed Launch - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: FJTWAIN Setup - hkey= - key= - C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe (FUJITSU LIMITED)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Starfield\StarfieldUpdate.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 09:02:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/26 09:01:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/25 12:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\matt.thomas\Local Settings\Application Data\Opera
[2012/04/25 12:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\matt.thomas\Application Data\Opera
[2012/04/25 12:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/04/23 12:13:16 | 000,000,000 | ---D | C] -- C:\c0df694f82541752e8
[2012/04/18 22:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/18 17:07:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/18 11:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/10 08:47:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/06 00:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\matt.thomas\Recent
[2012/04/04 20:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/04 20:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/31 08:11:40 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 07:55:57 | 000,000,000 | ---D | C] -- C:\b90779d6e7bb1c16de8c
[2012/03/31 07:55:23 | 000,000,000 | ---D | C] -- C:\06f8874658948246fc0a81a1039476

========== Files - Modified Within 30 Days ==========

[2012/04/26 10:55:59 | 000,006,234 | ---- | M] () -- C:\WINDOWS\RegBootClean.CFG
[2012/04/26 10:55:58 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/26 10:53:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/26 10:47:13 | 000,001,896 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\My Documents\Default.rdp
[2012/04/26 10:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/26 09:03:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/26 09:03:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/26 08:22:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/26 08:21:57 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/26 08:09:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 08:06:01 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/26 08:05:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 08:05:43 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 22:07:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/25 19:56:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/25 17:01:48 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/25 16:49:49 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 16:31:12 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/25 13:44:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
[2012/04/25 13:17:41 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
[2012/04/25 13:17:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
[2012/04/25 12:46:20 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/04/25 12:46:20 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/04/19 14:44:37 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/04/14 13:47:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 13:47:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/12 10:07:49 | 000,515,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 10:07:49 | 000,098,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 10:00:14 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 20:34:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 08:51:54 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/10 08:51:54 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 13:15:05 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Adobe Acrobat 8 Standard.lnk
[2012/03/27 19:57:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY3A733072K3.job

========== Files Created - No Company Name ==========

[2012/04/26 10:53:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/26 08:21:56 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/26 08:12:13 | 000,006,234 | ---- | C] () -- C:\WINDOWS\RegBootClean.CFG
[2012/04/25 13:07:46 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
[2012/04/25 12:46:20 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/04/25 12:46:20 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/04/25 12:46:20 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/04/25 10:46:53 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/20 13:37:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
[2012/04/11 20:34:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 08:51:54 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/10 08:48:26 | 2136,965,120 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 23:07:30 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/05 23:48:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/03/31 08:11:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/15 10:43:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/05 19:51:38 | 001,101,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >
[2008/06/10 09:54:41 | 011,132,416 | ---- | M] () -- C:\vpnclient-win-msi-5.0.03.0530-k9.exe

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
[2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe

< MD5 for: NETBT.SYS >
[2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\i386\netbt.sys
[2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB15904$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >