BleepingComputer.com: Sophos not working and Windows not Updating

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Sophos not working and Windows not Updating Lots of red flags, think I need a deep clean

#1 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 07 September 2011 - 05:34 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic410694.html ~ OB

My Sophos continues to not update and I get a lot of Windows Updates that fail as well. I also seem to have a lot of services running that I'm not sure they should be (at least not that many). Sometimes Resource Monitor also shows a ton of read/write activity, as does the Network.

I just want to have a warm fuzzy and have Sophos and Windows Update all where they should be, and make sure I don't have programs I shouldn't that are causing me problems.

Also, I tried running Gmer.exe and I could only select "Services", "Registry", "Files" and "ADS". The other options were grayed out. But I will still attach the Gmer log if it will help.

Below is my DDS.txt log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by dward at 3:53:51 on 2011-09-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3892.1979 [GMT -6:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\SASCORE64.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcWmaxSvr.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
C:\Program Files\Avatron\Air Display\AirDisplay.exe
C:\Program Files (x86)\SUPERAntiSpyware.exe
C:\Program Files (x86)\Macro Express Pro\MacExp.exe
C:\Users\dward\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Macro Express Pro\MEProx64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 10.0.0.17:80
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Air Display Support] "C:\Program Files\Avatron\Air Display\AirDisplay.exe"
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\dward\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dward\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MACROE~1.LNK - C:\Program Files (x86)\Macro Express Pro\MacExp.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: careerbuilder.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: download.com
Trusted Zone: freerealms.com
Trusted Zone: mainman.dcs
Trusted Zone: mastercontrol.com
Trusted Zone: miniaturemarket.com
Trusted Zone: openair.com
Trusted Zone: salesforce.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: stewartcoopercoon.com
DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} - hxxp://10.0.0.82/ShoreWareResources/ClientInstall/ShoretelClientInstall.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{2D5DA643-BFEA-4485-98F9-AF0EF6AD02EA} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}\2494F435944554D27455543545 : DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}\3556175756E6F6D60274575637470275966496 : DhcpNameServer = 209.242.128.100 209.242.128.101
TCP: Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}\8686F6E6F62737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}\D4143545542534F4E44525F4C40275946494 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO-X64: WhiteSmoke Toolbar - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO-X64: Password Manager Browser Helper Object - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\saskutil64.sys [2011-7-12 12368]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files (x86)\SASCore64.exe [2011-5-4 128384]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-1-7 116536]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-3-17 408576]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-11-19 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-4-23 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-11-19 74088]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-19 1616488]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2009-4-16 69632]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-8-19 167960]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-8-19 99864]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-12 1153368]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2011-8-19 282624]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2011-8-19 232472]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2011-8-19 806912]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-8-19 1543192]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-4-23 63928]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-17 2533400]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-5-21 539184]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-3-17 911872]
R3 AirDisplay;Air Display Support;C:\Windows\system32\DRIVERS\AVVideoCard.sys --> C:\Windows\system32\DRIVERS\AVVideoCard.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-15 135664]
S3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-6-17 164200]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-9-8 24560]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-6-17 75112]
S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-24 366640]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2011-09-07 03:27:24 -------- d-----w- C:\Users\dward\AppData\Local\{7D805636-2B21-4DAE-93D4-EDF75400DEC3}
2011-09-07 03:27:09 -------- d-----w- C:\Users\dward\AppData\Local\{99D0F410-42C0-409F-9F16-122D2AF509D9}
2011-09-06 15:26:58 -------- d-----w- C:\Users\dward\AppData\Local\{865F9B31-47CD-4C41-8C72-61E29A5E2A93}
2011-09-05 17:36:45 -------- d-----w- C:\Users\dward\AppData\Local\{5BD4CA88-91F0-49C2-85C2-90607F8772CD}
2011-09-05 17:35:29 -------- d-----w- C:\Users\dward\AppData\Local\{40B9040E-141F-474A-BC39-3230D37F03C4}
2011-09-05 02:14:29 -------- d-----w- C:\Users\dward\AppData\Local\{A0A30294-94E5-433A-99AC-8C162FFCA143}
2011-09-05 02:14:18 -------- d-----w- C:\Users\dward\AppData\Local\{694D403E-80A6-467C-926B-6D5BD507C421}
2011-09-04 14:13:47 -------- d-----w- C:\Users\dward\AppData\Local\{B7A13F8C-AF3C-4BE1-A562-23864DCA9CF8}
2011-09-04 14:11:04 -------- d-----w- C:\Users\dward\AppData\Local\{4210387E-DC37-4B70-99D8-46181354AE43}
2011-09-03 20:07:06 -------- d-----w- C:\Users\dward\AppData\Local\{ED1B993B-4AE4-4DA5-937F-8C5AFF4E8AD0}
2011-09-03 20:06:01 -------- d-----w- C:\Users\dward\AppData\Local\{2C8BF42A-02C9-4FE5-9649-AD0C1E81D155}
2011-09-02 15:07:06 -------- d-----w- C:\Users\dward\AppData\Local\{6F6E9E0E-1ADE-4B44-B83D-4B5E85318EA2}
2011-09-02 02:20:38 -------- d-----w- C:\Users\dward\AppData\Local\{E00F658D-5E44-46D1-BFA0-D05937E52B6C}
2011-09-01 14:20:11 -------- d-----w- C:\Users\dward\AppData\Local\{1EA434DF-ECEA-4155-A582-2E396B1C0155}
2011-09-01 14:19:02 -------- d-----w- C:\Users\dward\AppData\Local\{BFDC1B88-21B2-4567-B15A-B36FB17E1159}
2011-09-01 08:10:35 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{146638A4-6C3D-41A1-85CD-D22573AAC9DA}\mpengine.dll
2011-09-01 02:11:28 -------- d-----w- C:\Users\dward\AppData\Local\{FE2AEEA8-F18E-42C6-AE43-BB892F60FC3E}
2011-09-01 02:10:20 -------- d-----w- C:\Users\dward\AppData\Local\{A5BE3044-2185-4ED4-B7F2-096F22AD379B}
2011-08-31 12:58:04 -------- d-----w- C:\Users\dward\AppData\Local\{F1F2B43A-5C25-491F-A0C3-465FA78AD47E}
2011-08-30 22:35:39 -------- d-----w- C:\Users\dward\New folder
2011-08-30 21:06:07 -------- d-----w- C:\Users\dward\AppData\Local\{40A520DE-A725-461E-A2C2-7FAA5AA2AA64}
2011-08-30 21:03:36 -------- d-----w- C:\Users\dward\AppData\Local\{F64C4BAC-2A0D-489A-AC0B-94054FF51A86}
2011-08-30 08:46:58 -------- d-----w- C:\Users\dward\AppData\Local\{1C8755E3-C56D-4856-9AB4-E91BD376DFE3}
2011-08-30 08:45:43 -------- d-----w- C:\Users\dward\AppData\Local\{2C9A8D1B-8090-4ECC-AC2D-E84A35486850}
2011-08-30 07:18:33 -------- d-----w- C:\Users\dward\AppData\Local\{A99566AC-04B0-4C81-97BA-1FDD80CE887E}
2011-08-30 07:18:08 -------- d-----w- C:\Users\dward\AppData\Local\{A45453B0-23E5-467E-9FA1-6563862D97DC}
2011-08-30 00:56:15 -------- d-----w- C:\Users\dward\AppData\Local\{C4538918-87D7-4E03-8ADE-C07FF82F8C82}
2011-08-30 00:56:05 -------- d-----w- C:\Users\dward\AppData\Local\{56EFED7C-7BC3-4BF4-9386-5CDA7729480C}
2011-08-29 12:56:06 -------- d-----w- C:\Users\dward\AppData\Local\{4EC9C8DC-65C8-45BB-9FC4-F2A08B0DA49D}
2011-08-29 00:46:32 -------- d-----w- C:\Users\dward\AppData\Local\{FA753D27-52B5-4366-8D67-F9B17C583FF8}
2011-08-28 12:34:08 -------- d-----w- C:\Users\dward\AppData\Local\{FA7C2B5D-85D0-465F-8BE4-493145F8966F}
2011-08-28 12:32:25 -------- d-----w- C:\Users\dward\AppData\Local\{4E4AA205-DD63-4AD8-A615-A4C991B5C2CC}
2011-08-27 23:29:37 -------- d-----w- C:\Users\dward\AppData\Local\{CF49468F-EE80-4F21-92AA-580060157033}
2011-08-27 23:28:35 -------- d-----w- C:\Users\dward\AppData\Local\{597DE19C-C4A0-4175-A7C2-139C055EA27C}
2011-08-27 11:28:20 -------- d-----w- C:\Users\dward\AppData\Local\{260821BE-F0E3-4DDA-A054-9BD1633C0F61}
2011-08-27 11:28:10 -------- d-----w- C:\Users\dward\AppData\Local\{2CB03331-37D9-43B2-835E-DB0720F7B80E}
2011-08-26 10:45:03 -------- d-----w- C:\Users\dward\AppData\Local\{BEC84439-F7E8-430E-B436-CEB289754785}
2011-08-25 22:44:35 -------- d-----w- C:\Users\dward\AppData\Local\{2A8DF00F-3732-4BC2-92BD-4F8C7378428D}
2011-08-25 22:44:17 -------- d-----w- C:\Users\dward\AppData\Local\{D333DEBC-EB04-4F19-8DD1-0D62C2F9CBFC}
2011-08-24 23:34:25 -------- d-----w- C:\Users\dward\AppData\Local\{279C9726-00FF-4E04-8137-9F659FF51728}
2011-08-24 23:34:14 -------- d-----w- C:\Users\dward\AppData\Local\{EA1A5D1E-AF48-4123-9737-062E77CD7F20}
2011-08-23 04:58:42 -------- d-----w- C:\Users\dward\AppData\Local\{98A35560-BD92-4570-B1A1-AB4C526D9301}
2011-08-23 04:58:26 -------- d-----w- C:\Users\dward\AppData\Local\{81E74E8D-6B2B-4F7B-8640-69A27E5B1889}
2011-08-22 11:11:24 -------- d-----w- C:\Users\dward\AppData\Local\{81653E97-3ABF-4FCA-85C8-50DE1DD78888}
2011-08-21 18:05:20 -------- d-----w- C:\Users\dward\AppData\Local\{481D9F0C-8560-4A2C-9F6E-100CBD598052}
2011-08-20 03:57:45 -------- d-----w- C:\Users\dward\AppData\Local\{FDB9C31D-64D6-4E47-8E6B-82AB3E16511F}
2011-08-19 17:02:28 26104 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys
2011-08-19 17:02:28 144160 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2011-08-19 17:02:24 183024 ----a-w- C:\Windows\System32\sdccoinstaller.dll
2011-08-19 16:56:42 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-08-19 16:56:41 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-08-19 16:56:41 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-08-19 16:56:41 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-08-19 16:56:41 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-08-19 15:44:54 -------- d-----w- C:\ProgramData\GroupPolicy
2011-08-19 14:04:00 -------- d-----w- C:\Users\dward\AppData\Local\{171A7FED-6088-41A7-B757-2CC5B84F7086}
2011-08-19 14:02:17 -------- d-----w- C:\Users\dward\AppData\Local\{92DBE009-7F73-4529-8B38-37C0FAA59D09}
2011-08-18 16:54:17 -------- d-----w- C:\Users\dward\AppData\Local\{26734443-EC0B-4336-A5A6-EAB72B0001AD}
2011-08-18 03:25:12 -------- d-----w- C:\Users\dward\AppData\Local\{A9706458-E9AA-4D2F-B36C-31FE8074FBBB}
2011-08-18 03:22:45 -------- d-----w- C:\Users\dward\AppData\Local\{9FA8ADA4-D7E6-4520-8217-FF59744F0D0E}
2011-08-17 14:04:45 -------- d-----w- C:\Users\dward\AppData\Local\{EFAD5769-03BA-44DD-A19A-CCA8EDB8673F}
2011-08-17 14:03:34 -------- d-----w- C:\Users\dward\AppData\Local\{49A3DC00-0837-40F8-B176-F4BC89F470B5}
2011-08-17 00:38:28 -------- d-----w- C:\Users\dward\AppData\Local\{745698C7-D05F-48E6-BD08-E83AC57FAB62}
2011-08-17 00:38:10 -------- d-----w- C:\Users\dward\AppData\Local\{E30EBE1F-3A36-4BBD-A9E7-7C85FAFA2FE4}
2011-08-16 05:11:12 -------- d-----w- C:\Users\dward\AppData\Local\{1F399405-A57F-4BE6-B9A9-7CDBEA0949A4}
2011-08-16 05:10:48 -------- d-----w- C:\Users\dward\AppData\Local\{2FEE60E4-A9A9-462B-835E-6FC749A9B136}
2011-08-15 04:16:47 -------- d-----w- C:\Users\dward\AppData\Local\{AE436568-519D-4490-9801-577463AA086B}
2011-08-15 04:16:29 -------- d-----w- C:\Users\dward\AppData\Local\{76A766CD-9E05-435E-9F5F-0B95ECF59E25}
2011-08-12 14:42:11 -------- d-----w- C:\Users\dward\AppData\Local\{A624FC4A-9ED6-4547-ACBB-11D9F3546E15}
2011-08-12 14:41:55 -------- d-----w- C:\Users\dward\AppData\Local\{BFCB3EB1-F2BF-429C-B8FE-08059DC0C8C4}
2011-08-12 02:41:55 -------- d-----w- C:\Users\dward\AppData\Local\{2D63BA94-715E-4CC5-9243-AD89AD42CDC9}
2011-08-11 14:41:22 -------- d-----w- C:\Users\dward\AppData\Local\{D3836DA5-54F8-46CF-8B85-F266B646CE9D}
2011-08-11 14:41:12 -------- d-----w- C:\Users\dward\AppData\Local\{F78BEF7E-4F78-443F-A80B-3937CF305098}
2011-08-10 13:48:42 -------- d-----w- C:\Users\dward\AppData\Local\{51D122D6-3F7F-451E-B850-A2439ABF3DA3}
2011-08-10 13:48:24 -------- d-----w- C:\Users\dward\AppData\Local\{903EEFE1-F03E-4822-B404-90DC0C4AA935}
2011-08-10 01:26:35 -------- d-----w- C:\Windows\en
2011-08-10 01:23:42 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-10 01:16:56 -------- d-----w- C:\Users\dward\AppData\Local\{0AB7ED84-63A9-4225-9758-EAD177F074AC}
2011-08-10 01:16:42 -------- d-----w- C:\Users\dward\AppData\Local\{5B6CCBDB-B391-4884-9945-7C3E516B1FA3}
2011-08-09 19:11:56 -------- d-----w- C:\Users\dward\AppData\Local\{B84F48DE-98F9-4DE5-B769-0EAF89054CB6}
2011-08-09 19:11:47 -------- d-----w- C:\Users\dward\AppData\Local\{91021907-2F98-4D67-87E0-11582B5EA6BD}
2011-08-09 05:37:06 -------- d-----w- C:\Users\dward\AppData\Local\{3BD2E3C0-298D-448E-A384-609227267C85}
2011-08-09 05:36:51 -------- d-----w- C:\Users\dward\AppData\Local\{1A28A744-F079-495D-AA8C-DC9A0F946813}
.
==================== Find3M ====================
.
2011-08-19 17:02:25 37400 ----a-w- C:\Windows\System32\SophosBootTasks.exe
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 21:55:18 14928 ----a-w- C:\Program Files (x86)\sasdifsv64.sys
2011-07-12 21:55:18 12368 ----a-w- C:\Program Files (x86)\saskutil64.sys
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-07 01:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 01:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 13:50:13 2988928 ----a-w- C:\Program Files (x86)\SUPERAntiSpyware.exe
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-20 23:56:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-05-04 17:56:26 528768 ----a-w- C:\Program Files (x86)\Uninstall.exe
2011-05-04 17:56:10 27520 ----a-w- C:\Program Files (x86)\SASINST.EXE
2011-05-04 17:55:20 411008 ----a-w- C:\Program Files (x86)\SSUpdate64.exe
2011-05-04 17:55:09 128384 ----a-w- C:\Program Files (x86)\SASCore64.exe
2010-09-13 19:04:24 300544 ----a-w- C:\Program Files (x86)\RUNSAS.EXE
2010-06-29 17:48:34 1401856 ----a-w- C:\Program Files (x86)\deupx2964.dll
2010-01-07 20:12:12 190976 ----a-w- C:\Program Files (x86)\SASCTXMN64.DLL
2004-05-07 22:31:40 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
.
============= FINISH: 3:54:43.64 ===============

Attached File(s)


This post has been edited by Orange Blossom: 07 September 2011 - 03:06 PM

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 09 September 2011 - 06:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 11 September 2011 - 01:29 AM

I'm unable to disable Sophos. The administrator account is disabled and I can't login as it. I'm supposed to be in the administrators group but the only thing I have access to in the configuration is the Right Click scanning. So if I try to run Combo-Fix Sophos is blocking it. Not sure what to do to disable it.

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 September 2011 - 01:56 AM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 13 September 2011 - 12:13 PM

Just to let you know, I haven't forgotten, I just haven't had a chance to try this yet with work. I plan on trying this either tonight or tomorrow, but basically ASAP. Thanks for your help!

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 13 September 2011 - 12:37 PM

no problem


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 14 September 2011 - 12:34 AM

Ok, so I ran this in Safe Mode and I got a window showing what was executing in ComboFix with green text but then there was no other window that popped up. I'm still giving it a bit just to see if by some chance something comes up, but it doesn't appear to be doing anything. Nothing appears obvious in task manager either to lead me to think it's running successfully.

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2011 - 09:15 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 14 September 2011 - 09:25 AM

Nothing found with TDSS.

When I was suspecting something was up back on like 9/2 or somewhere around there, I started checking files that were recently modified. One of them I found (that I wish I had copied out since I can't find it again) really went into detail about how it was testing password attempts, setting up so that previous System Restore points would be deleted, and went into more detail about how the virus/rootkit/whatever it is will check for files, especially active ones, and then e-mail those to the specified address. I'm summarizing here, but I know I found that somewhere on my computer which has me more convicted I have some sort of Rootkit on my machine. Not sure if that information helps without being able to actually copy and paste the text I had found. It was late at night, and I thought I'd be able to run across it again.

2011/09/14 08:19:39.0898 7588 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/14 08:19:40.0553 7588 ================================================================================
2011/09/14 08:19:40.0553 7588 SystemInfo:
2011/09/14 08:19:40.0553 7588
2011/09/14 08:19:40.0553 7588 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/14 08:19:40.0553 7588 Product type: Workstation
2011/09/14 08:19:40.0553 7588 ComputerName: DWARD
2011/09/14 08:19:40.0553 7588 UserName: dward
2011/09/14 08:19:40.0553 7588 Windows directory: C:\Windows
2011/09/14 08:19:40.0553 7588 System windows directory: C:\Windows
2011/09/14 08:19:40.0553 7588 Running under WOW64
2011/09/14 08:19:40.0553 7588 Processor architecture: Intel x64
2011/09/14 08:19:40.0553 7588 Number of processors: 4
2011/09/14 08:19:40.0553 7588 Page size: 0x1000
2011/09/14 08:19:40.0553 7588 Boot type: Normal boot
2011/09/14 08:19:40.0553 7588 ================================================================================
2011/09/14 08:19:41.0161 7588 Initialize success
2011/09/14 08:19:44.0266 3000 ================================================================================
2011/09/14 08:19:44.0266 3000 Scan started
2011/09/14 08:19:44.0266 3000 Mode: Manual;
2011/09/14 08:19:44.0266 3000 ================================================================================
2011/09/14 08:19:45.0857 3000 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/14 08:19:45.0935 3000 5U877 (708ccd77b9363f245d9f9ace480824ca) C:\Windows\system32\DRIVERS\5U877.sys
2011/09/14 08:19:45.0998 3000 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/14 08:19:46.0138 3000 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/14 08:19:46.0263 3000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/14 08:19:46.0388 3000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/14 08:19:46.0450 3000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/14 08:19:46.0544 3000 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/09/14 08:19:46.0653 3000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/14 08:19:46.0731 3000 AirDisplay (e685ff61decf1a5e47df309bbb962ca4) C:\Windows\system32\DRIVERS\AVVideoCard.sys
2011/09/14 08:19:46.0793 3000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/14 08:19:46.0840 3000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/14 08:19:46.0871 3000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/14 08:19:46.0965 3000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/14 08:19:47.0012 3000 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/14 08:19:47.0058 3000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/14 08:19:47.0105 3000 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/14 08:19:47.0168 3000 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/09/14 08:19:47.0292 3000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/14 08:19:47.0355 3000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/14 08:19:47.0417 3000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/14 08:19:47.0511 3000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/14 08:19:47.0573 3000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/14 08:19:47.0714 3000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/14 08:19:47.0792 3000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/14 08:19:47.0854 3000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/14 08:19:47.0994 3000 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/14 08:19:48.0057 3000 bpenum (1fd2d23c6768cd4fe1278db3ecf8231a) C:\Windows\system32\DRIVERS\bpenum.sys
2011/09/14 08:19:48.0104 3000 bpmp (f476ff697dc01079ff515adfa58bbaf2) C:\Windows\system32\DRIVERS\bpmp.sys
2011/09/14 08:19:48.0135 3000 bpusb (cc24cdfcc1b8af73cbc66a8be652f844) C:\Windows\system32\Drivers\bpusb.sys
2011/09/14 08:19:48.0197 3000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/14 08:19:48.0228 3000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/14 08:19:48.0260 3000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/14 08:19:48.0353 3000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/14 08:19:48.0384 3000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/14 08:19:48.0416 3000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/14 08:19:48.0462 3000 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/14 08:19:48.0494 3000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/14 08:19:48.0525 3000 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/14 08:19:48.0587 3000 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/09/14 08:19:48.0681 3000 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/14 08:19:48.0821 3000 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/09/14 08:19:48.0899 3000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/14 08:19:48.0993 3000 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/14 08:19:49.0071 3000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/14 08:19:49.0118 3000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/14 08:19:49.0211 3000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/14 08:19:49.0227 3000 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/14 08:19:49.0274 3000 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/09/14 08:19:49.0398 3000 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys
2011/09/14 08:19:49.0476 3000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/14 08:19:49.0539 3000 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/14 08:19:49.0632 3000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/14 08:19:49.0695 3000 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/09/14 08:19:49.0804 3000 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
2011/09/14 08:19:49.0882 3000 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/09/14 08:19:49.0929 3000 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys
2011/09/14 08:19:50.0007 3000 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/09/14 08:19:50.0038 3000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/14 08:19:50.0147 3000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/14 08:19:50.0241 3000 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
2011/09/14 08:19:50.0319 3000 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/14 08:19:50.0537 3000 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/14 08:19:50.0678 3000 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys
2011/09/14 08:19:50.0740 3000 e1kexpress (3fac023e44bcae77e62770f8fd476a2a) C:\Windows\system32\DRIVERS\e1k62x64.sys
2011/09/14 08:19:50.0849 3000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/14 08:19:51.0021 3000 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/09/14 08:19:51.0099 3000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/14 08:19:51.0146 3000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/14 08:19:51.0255 3000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/14 08:19:51.0286 3000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/14 08:19:51.0364 3000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/14 08:19:51.0411 3000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/14 08:19:51.0426 3000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/14 08:19:51.0489 3000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/14 08:19:51.0520 3000 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/09/14 08:19:51.0645 3000 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/14 08:19:51.0676 3000 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/14 08:19:51.0738 3000 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/14 08:19:51.0785 3000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/14 08:19:51.0926 3000 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/14 08:19:52.0004 3000 hcmon (fa675389630dcf26cac45ed036a1e146) C:\Windows\system32\drivers\hcmon.sys
2011/09/14 08:19:52.0050 3000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/14 08:19:52.0160 3000 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/09/14 08:19:52.0253 3000 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/14 08:19:52.0331 3000 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/09/14 08:19:52.0378 3000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/14 08:19:52.0425 3000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/14 08:19:52.0472 3000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/14 08:19:52.0550 3000 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/14 08:19:52.0612 3000 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/14 08:19:52.0674 3000 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/09/14 08:19:52.0752 3000 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/09/14 08:19:52.0846 3000 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/14 08:19:52.0940 3000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/14 08:19:53.0080 3000 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/14 08:19:53.0314 3000 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/14 08:19:53.0439 3000 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/09/14 08:19:53.0688 3000 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/14 08:19:54.0094 3000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/14 08:19:54.0437 3000 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/09/14 08:19:54.0812 3000 IntcDAud (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/09/14 08:19:54.0890 3000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/14 08:19:55.0014 3000 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/14 08:19:55.0077 3000 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/14 08:19:55.0124 3000 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/14 08:19:55.0217 3000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/14 08:19:55.0311 3000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/14 08:19:55.0389 3000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/14 08:19:55.0451 3000 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/14 08:19:55.0560 3000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/14 08:19:55.0623 3000 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/14 08:19:55.0685 3000 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/14 08:19:55.0748 3000 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/14 08:19:55.0826 3000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/14 08:19:55.0904 3000 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
2011/09/14 08:19:55.0982 3000 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/14 08:19:56.0153 3000 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
2011/09/14 08:19:56.0294 3000 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/09/14 08:19:56.0356 3000 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/09/14 08:19:56.0434 3000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/14 08:19:56.0465 3000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/14 08:19:56.0496 3000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/14 08:19:56.0528 3000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/14 08:19:56.0590 3000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/14 08:19:56.0730 3000 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/09/14 08:19:56.0824 3000 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/14 08:19:56.0886 3000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/14 08:19:56.0933 3000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/14 08:19:56.0980 3000 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/14 08:19:57.0105 3000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/14 08:19:57.0214 3000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/14 08:19:57.0261 3000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/14 08:19:57.0339 3000 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/09/14 08:19:57.0386 3000 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/14 08:19:57.0464 3000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/14 08:19:57.0510 3000 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/14 08:19:57.0557 3000 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/14 08:19:57.0620 3000 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/14 08:19:57.0666 3000 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/14 08:19:57.0744 3000 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/14 08:19:57.0776 3000 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/14 08:19:57.0869 3000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/14 08:19:57.0900 3000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/14 08:19:57.0932 3000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/14 08:19:58.0010 3000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/14 08:19:58.0072 3000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/14 08:19:58.0119 3000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/14 08:19:58.0244 3000 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/09/14 08:19:58.0290 3000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/14 08:19:58.0337 3000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/14 08:19:58.0353 3000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/14 08:19:58.0415 3000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/14 08:19:58.0509 3000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/14 08:19:58.0587 3000 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/09/14 08:19:58.0618 3000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/14 08:19:58.0665 3000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/14 08:19:58.0727 3000 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/14 08:19:58.0790 3000 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/14 08:19:58.0821 3000 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/09/14 08:19:58.0899 3000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/14 08:19:58.0930 3000 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/14 08:19:59.0117 3000 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/09/14 08:19:59.0382 3000 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/09/14 08:19:59.0538 3000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/14 08:19:59.0585 3000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/14 08:19:59.0679 3000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/14 08:19:59.0741 3000 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/09/14 08:19:59.0835 3000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/14 08:20:00.0084 3000 nvlddmkm (6ef8c7a051804570000670800f6174fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/14 08:20:00.0552 3000 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/14 08:20:00.0584 3000 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/14 08:20:00.0646 3000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/14 08:20:00.0708 3000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/14 08:20:00.0755 3000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/14 08:20:00.0802 3000 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/09/14 08:20:00.0911 3000 PCDSRVC{127174DC-C366ED8B-06020000}_0 (acd84d961942e2204a4475f9af356f2e) c:\program files\pc-doctor\pcdsrvc_x64.pkms
2011/09/14 08:20:01.0005 3000 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/09/14 08:20:01.0052 3000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/14 08:20:01.0098 3000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/14 08:20:01.0130 3000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/14 08:20:01.0176 3000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/14 08:20:01.0332 3000 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
2011/09/14 08:20:01.0410 3000 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/14 08:20:01.0442 3000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/14 08:20:01.0520 3000 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
2011/09/14 08:20:01.0644 3000 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/14 08:20:01.0707 3000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/14 08:20:01.0847 3000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/14 08:20:01.0925 3000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/14 08:20:01.0988 3000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/14 08:20:02.0034 3000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/14 08:20:02.0097 3000 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/14 08:20:02.0190 3000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/14 08:20:02.0253 3000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/14 08:20:02.0346 3000 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/14 08:20:02.0424 3000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/14 08:20:02.0471 3000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/14 08:20:02.0549 3000 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/09/14 08:20:02.0612 3000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/14 08:20:02.0690 3000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/14 08:20:02.0736 3000 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/09/14 08:20:02.0799 3000 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/09/14 08:20:03.0080 3000 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/14 08:20:03.0142 3000 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
2011/09/14 08:20:03.0220 3000 rixdpcie (be42f817597d3049960a54ce280c2493) C:\Windows\system32\DRIVERS\rixdpe64.sys
2011/09/14 08:20:03.0267 3000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/14 08:20:03.0360 3000 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/14 08:20:03.0485 3000 SASDIFSV (b2a29cc6c019fe738c39037c6218444c) C:\Program Files (x86)\SASDIFSV64.SYS
2011/09/14 08:20:03.0563 3000 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files (x86)\SASKUTIL64.SYS
2011/09/14 08:20:03.0750 3000 SAVOnAccess (00b68c5250b99ad72835281855061631) C:\Windows\system32\DRIVERS\savonaccess.sys
2011/09/14 08:20:03.0813 3000 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/14 08:20:03.0875 3000 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/14 08:20:03.0938 3000 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/14 08:20:04.0000 3000 sdcfilter (7e450d5b46ff8fe82dab822d3b48e3b3) C:\Windows\system32\DRIVERS\sdcfilter.sys
2011/09/14 08:20:04.0203 3000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/14 08:20:04.0281 3000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/14 08:20:04.0312 3000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/14 08:20:04.0390 3000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/14 08:20:04.0452 3000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/14 08:20:04.0484 3000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/14 08:20:04.0562 3000 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/14 08:20:04.0671 3000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/14 08:20:04.0796 3000 Shockprf (29e316de2c0261c30c08f872032c53a2) C:\Windows\system32\DRIVERS\Apsx64.sys
2011/09/14 08:20:04.0889 3000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/14 08:20:04.0983 3000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/14 08:20:05.0045 3000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/14 08:20:05.0139 3000 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/09/14 08:20:05.0310 3000 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
2011/09/14 08:20:05.0388 3000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/14 08:20:05.0560 3000 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/09/14 08:20:05.0685 3000 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/09/14 08:20:05.0732 3000 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/14 08:20:05.0841 3000 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/09/14 08:20:05.0903 3000 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/09/14 08:20:06.0075 3000 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/09/14 08:20:06.0168 3000 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/14 08:20:06.0340 3000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/14 08:20:06.0402 3000 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/14 08:20:06.0465 3000 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/14 08:20:06.0512 3000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/14 08:20:06.0574 3000 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/14 08:20:06.0714 3000 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/09/14 08:20:06.0808 3000 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/14 08:20:06.0855 3000 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/14 08:20:06.0933 3000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/14 08:20:06.0964 3000 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/14 08:20:06.0995 3000 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/14 08:20:07.0026 3000 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/14 08:20:07.0089 3000 TPDIGIMN (8b359a7f4c715b84c76de3c5167797c5) C:\Windows\system32\DRIVERS\ApsHM64.sys
2011/09/14 08:20:07.0167 3000 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
2011/09/14 08:20:07.0229 3000 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
2011/09/14 08:20:07.0292 3000 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/14 08:20:07.0448 3000 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/14 08:20:07.0479 3000 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys
2011/09/14 08:20:07.0557 3000 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/09/14 08:20:07.0635 3000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/14 08:20:07.0666 3000 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/14 08:20:07.0760 3000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/14 08:20:07.0822 3000 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/14 08:20:07.0884 3000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/14 08:20:07.0994 3000 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/09/14 08:20:08.0072 3000 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/09/14 08:20:08.0118 3000 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/14 08:20:08.0212 3000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/14 08:20:08.0274 3000 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/14 08:20:08.0337 3000 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/14 08:20:08.0399 3000 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/14 08:20:08.0415 3000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/14 08:20:08.0462 3000 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/14 08:20:08.0524 3000 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/14 08:20:08.0586 3000 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/14 08:20:08.0664 3000 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2011/09/14 08:20:08.0742 3000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/14 08:20:08.0789 3000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/14 08:20:08.0836 3000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/14 08:20:08.0883 3000 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/14 08:20:08.0914 3000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/14 08:20:08.0992 3000 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/14 08:20:09.0039 3000 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/14 08:20:09.0070 3000 vmci (0ea38c344b827666d46825999447c903) C:\Windows\system32\drivers\vmci.sys
2011/09/14 08:20:09.0132 3000 vmkbd (6a8811edcdea8415f9d6aba8823780df) C:\Windows\system32\drivers\VMkbd.sys
2011/09/14 08:20:09.0179 3000 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/09/14 08:20:09.0242 3000 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/09/14 08:20:09.0335 3000 VMnetuserif (bcd99fe3fb5651a2686f6fddc3f7c2d9) C:\Windows\system32\drivers\vmnetuserif.sys
2011/09/14 08:20:09.0382 3000 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\System32\Drivers\vmusb.sys
2011/09/14 08:20:09.0429 3000 vmx86 (5472661ecd7e0e3be213e80449b51c8d) C:\Windows\system32\drivers\vmx86.sys
2011/09/14 08:20:09.0491 3000 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/14 08:20:09.0522 3000 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/09/14 08:20:09.0585 3000 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/14 08:20:09.0663 3000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/14 08:20:09.0741 3000 vstor2-ws60 (b57cc2c482b5b1fe66dabaf12266960e) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
2011/09/14 08:20:09.0803 3000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/14 08:20:09.0897 3000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/14 08:20:09.0944 3000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/14 08:20:09.0990 3000 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/14 08:20:10.0006 3000 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/14 08:20:10.0100 3000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/14 08:20:10.0131 3000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/14 08:20:10.0287 3000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/14 08:20:10.0334 3000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/14 08:20:10.0396 3000 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/09/14 08:20:10.0536 3000 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/09/14 08:20:10.0630 3000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/14 08:20:10.0692 3000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/14 08:20:10.0755 3000 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
2011/09/14 08:20:10.0848 3000 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
2011/09/14 08:20:10.0880 3000 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
2011/09/14 08:20:10.0895 3000 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
2011/09/14 08:20:10.0942 3000 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
2011/09/14 08:20:10.0989 3000 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/09/14 08:20:11.0036 3000 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/14 08:20:11.0098 3000 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/09/14 08:20:11.0223 3000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/14 08:20:11.0238 3000 Boot (0x1200) (bdde8efe0bd9ebbddafd8cf4f7443ef9) \Device\Harddisk0\DR0\Partition0
2011/09/14 08:20:11.0238 3000 Boot (0x1200) (3f9a3b8cc158bd9ee14ba77eb018b63c) \Device\Harddisk0\DR0\Partition1
2011/09/14 08:20:11.0254 3000 ================================================================================
2011/09/14 08:20:11.0254 3000 Scan finished
2011/09/14 08:20:11.0254 3000 ================================================================================
2011/09/14 08:20:11.0254 5884 Detected object count: 0
2011/09/14 08:20:11.0254 5884 Actual detected object count: 0

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2011 - 09:34 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 14 September 2011 - 10:19 PM

Ok, here is the result from OTL, file named OTL.txt (you said OTLListIt.txt but I didn't see one called that - hoping that was a typo?).

OTL logfile created on: 9/14/2011 8:44:26 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\dward\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 40.38% Memory free
7.60 Gb Paging File | 5.15 Gb Available in Paging File | 67.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.56 Gb Total Space | 294.17 Gb Free Space | 63.19% Space Free | Partition Type: NTFS

Computer Name: DWARD | User Name: dward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\dward\Desktop\LTO.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe (http://www.ocsinventory-ng.org)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files (x86)\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (OCS INVENTORY) -- C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe (http://www.ocsinventory-ng.org)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Plc)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (AirDisplay) -- C:\Windows\SysNative\drivers\AVVideoCard.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06020000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (SASDIFSV) -- C:\Program Files (x86)\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.17:80


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ubcd4win.com/forum/"

FF:64bit: - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE: c:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge64.dll (Curl, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE.7.0: c:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge64-7-0.dll (Curl, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE: c:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge.dll (Curl, Inc.)
FF - HKLM\Software\MozillaPlugins\@curl.com/Curl.RTE.7.0: c:\Program Files (x86)\Curl Corporation\Surge\plugins\np-curl-surge-7-0.dll (Curl, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/21 23:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/08 14:26:27 | 000,000,000 | ---D | M]

[2011/04/18 16:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 11:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/30 09:35:58 | 000,171,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/10 23:09:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\Run: [Air Display Support] C:\Program Files\Avatron\Air Display\AirDisplay.exe (Avatron Software, Inc)
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\Run: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\All Users\!SASCORE [2011/07/23 00:20:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2011/09/08 05:15:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2011/09/08 05:15:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011/09/08 05:16:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Blizzard Entertainment [2011/04/04 20:20:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2011/09/08 05:16:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\GroupPolicy [2011/08/19 09:44:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Insight Software [2010/12/14 21:51:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Insight Software Solutions [2010/12/16 20:13:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InstallShield [2010/06/24 17:27:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\install_clap [2011/05/31 19:38:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Intel [2010/06/17 18:21:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\InterVideo [2011/07/02 20:49:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Intuit [2011/07/12 07:08:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab Setup Files [2010/12/28 10:50:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Lenovo [2011/04/04 20:21:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\LogMeIn [2011/09/09 18:04:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Macrovision [2010/06/24 15:29:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011/07/24 11:33:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011/09/09 18:12:51 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011/09/02 09:24:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOS [2011/01/02 01:45:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ntuser.pol ()
O4 - Startup: C:\Users\All Users\NVIDIA [2010/11/19 15:39:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA Corporation [2010/11/19 15:28:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC-Doctor for Windows [2010/11/19 15:32:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PCDr [2010/11/19 15:40:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PMB Files [2011/03/15 18:18:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\RICOH [2011/06/28 09:16:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Rosetta Stone [2011/03/14 13:09:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SecuROM [2010/12/10 13:11:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Skype [2010/12/07 10:05:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos [2011/03/01 21:44:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos Web Intelligence [2011/08/30 01:28:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011/09/08 05:16:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010/12/28 11:24:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SUPERAntiSpyware.com [2011/07/23 00:20:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2011/05/31 19:35:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009/07/13 23:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TVersity [2010/12/10 23:52:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulead Systems [2010/06/17 18:35:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2011/09/13 23:51:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WebEx [2011/08/30 01:09:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindSolutions [2011/07/16 19:16:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010/06/24 16:18:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} [2011/02/02 11:06:44 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\cspackman\AppData [2011/09/08 05:16:06 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\cspackman\Contacts [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Desktop [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Documents [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Downloads [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Favorites [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Links [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Music [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\ntuser.dat ()
O4 - Startup: C:\Users\cspackman\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\cspackman\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\cspackman\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\cspackman\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\cspackman\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\cspackman\ntuser.ini ()
O4 - Startup: C:\Users\cspackman\Pictures [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Saved Games [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Searches [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\cspackman\Videos [2011/09/08 05:16:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Default\AppData [2011/01/10 11:07:27 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\-Course_Evaluation-2010[1].docx ()
O4 - Startup: C:\Users\dward\.inittool [2011/04/20 15:40:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\dward\.maptool [2011/04/20 15:50:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\dward\AppData [2010/06/24 17:09:01 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\dward\Application Data [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Contacts [2010/12/07 12:19:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Cookies [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\defogger_reenable ()
O4 - Startup: C:\Users\dward\Desktop [2011/09/14 20:34:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Documents [2011/09/13 23:11:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Downloads [2011/09/13 21:43:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Dropbox [2011/09/13 23:54:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Favorites [2011/08/30 16:39:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Links [2011/09/08 06:00:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Local Settings [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Music [2011/09/08 12:41:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\My Documents [2010/12/07 12:19:00 | 000,000,000 | RHSD | M]
O4 - Startup: C:\Users\dward\NetHood [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\New folder [2011/09/09 04:37:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\dward\ntuser.dat ()
O4 - Startup: C:\Users\dward\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\dward\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\dward\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\dward\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{044784f8-b41a-11e0-a4a5-e705dd4d2cbf}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{044784f8-b41a-11e0-a4a5-e705dd4d2cbf}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{044784f8-b41a-11e0-a4a5-e705dd4d2cbf}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{3ab40dbe-b689-11e0-93a2-f0def1240dfd}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{3ab40dbe-b689-11e0-93a2-f0def1240dfd}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{3ab40dbe-b689-11e0-93a2-f0def1240dfd}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{4ca35fd9-120e-11e0-9c28-005056c00008}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{4ca35fd9-120e-11e0-9c28-005056c00008}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{4ca35fd9-120e-11e0-9c28-005056c00008}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{5634f079-58e8-11e0-861f-8631e6be1b4c}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{5634f079-58e8-11e0-861f-8631e6be1b4c}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{5634f079-58e8-11e0-861f-8631e6be1b4c}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{59fecae7-c305-11e0-ba97-f0def1240dfd}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{59fecae7-c305-11e0-ba97-f0def1240dfd}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{59fecae7-c305-11e0-ba97-f0def1240dfd}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{79a56f6c-1277-11e0-a3cc-a45a77ecadb3}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{79a56f6c-1277-11e0-a3cc-a45a77ecadb3}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{79a56f6c-1277-11e0-a3cc-a45a77ecadb3}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{84382731-13e2-11e0-adf5-005056c00008}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{84382731-13e2-11e0-adf5-005056c00008}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{84382731-13e2-11e0-adf5-005056c00008}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{c5a47917-d933-11e0-b693-f0def1240dfd}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{c5a47917-d933-11e0-b693-f0def1240dfd}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{c5a47917-d933-11e0-b693-f0def1240dfd}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{d2099440-2290-11e0-9925-e952632e0b07}.TM.blf ()
O4 - Startup: C:\Users\dward\ntuser.dat{d2099440-2290-11e0-9925-e952632e0b07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.dat{d2099440-2290-11e0-9925-e952632e0b07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\dward\ntuser.ini ()
O4 - Startup: C:\Users\dward\ntuser.pol ()
O4 - Startup: C:\Users\dward\Pictures [2011/09/08 12:05:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\PrintHood [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Recent [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\SAM.LOG1 - Shortcut.lnk = File not found
O4 - Startup: C:\Users\dward\Saved Games [2010/12/30 01:54:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\Searches [2011/01/01 23:53:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\dward\SendTo [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Start Menu [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Templates [2010/12/07 12:19:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\dward\Tracing [2011/09/13 23:52:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\dward\Videos [2011/07/22 06:56:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\AppData [2011/09/10 22:48:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\hward\Application Data [2011/09/10 22:48:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\hward\Contacts [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Cookies [2011/09/10 22:48:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\hward\Desktop [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Documents [2011/09/10 22:49:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Downloads [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Favorites [2011/09/10 22:49:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Links [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Local Settings [2011/09/10 22:48:26 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\hward\Music [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\NTUSER.DAT ()
O4 - Startup: C:\Users\hward\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\hward\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\hward\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TM.blf ()
O4 - Startup: C:\Users\hward\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\hward\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\hward\ntuser.ini ()
O4 - Startup: C:\Users\hward\Pictures [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Podcasts [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Saved Games [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Searches [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\hward\Videos [2011/09/10 22:49:01 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe\AppData [2011/07/21 17:30:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\jdoe\Application Data [2011/07/21 17:30:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe\Contacts [2011/07/21 23:21:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe\Cookies [2011/07/21 17:30:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe\Documents [2011/07/21 22:19:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe\Favorites [2011/07/21 23:21:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\jdoe\Links [2011/07/21 23:21:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe\Local Settings [2011/07/21 17:30:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe\NTUSER.DAT ()
O4 - Startup: C:\Users\jdoe\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\jdoe\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\jdoe\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TM.blf ()
O4 - Startup: C:\Users\jdoe\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\jdoe\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\jdoe\Saved Games [2011/09/08 19:39:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe\Searches [2011/07/21 23:21:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\jdoe\Videos [2011/07/21 23:21:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe.DWARD\AppData [2011/09/08 09:33:49 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\jdoe.DWARD\Application Data [2011/09/08 09:33:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe.DWARD\Contacts [2011/09/08 09:34:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe.DWARD\Cookies [2011/09/08 09:33:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe.DWARD\Desktop [2011/09/08 09:33:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe.DWARD\Favorites [2011/09/08 09:34:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\jdoe.DWARD\Local Settings [2011/09/08 09:33:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\jdoe.DWARD\NTUSER.DAT ()
O4 - Startup: C:\Users\jdoe.DWARD\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\jdoe.DWARD\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\jdoe.DWARD\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TM.blf ()
O4 - Startup: C:\Users\jdoe.DWARD\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\jdoe.DWARD\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\jdoe.DWARD\ntuser.ini ()
O4 - Startup: C:\Users\Mcx1-DWARD\AppData [2011/09/08 05:16:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Contacts [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Desktop [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Documents [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Downloads [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Favorites [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Links [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Music [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1-DWARD\ntuser.ini ()
O4 - Startup: C:\Users\Mcx1-DWARD\Pictures [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Saved Games [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Searches [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1-DWARD\Videos [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2011/01/13 02:59:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2011/08/30 01:14:16 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011/09/10 22:48:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Lenovo [2010/12/28 08:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Libraries [2011/07/21 23:21:45 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2011/07/21 23:21:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2011/07/21 23:21:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/12/30 01:12:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Sony Online Entertainment [2011/07/21 23:20:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Videos [2011/09/08 05:16:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Support\Desktop [2011/09/08 05:16:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Support\ntuser.dat ()
O4 - Startup: C:\Users\Support\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Support\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Support\ntuser.dat{d20992fc-2290-11e0-9925-e952632e0b07}.TM.blf ()
O4 - Startup: C:\Users\Support\ntuser.dat{d20992fc-2290-11e0-9925-e952632e0b07}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Support\ntuser.dat{d20992fc-2290-11e0-9925-e952632e0b07}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Sysadmin\My Documents [2011/01/26 16:59:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\TEMP\AppData [2011/09/13 23:51:24 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\TEMP\Application Data [2011/09/13 23:51:24 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\TEMP\Cookies [2011/09/13 23:51:24 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\TEMP\Local Settings [2011/09/13 23:51:24 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\TEMP\NTUSER.DAT ()
O4 - Startup: C:\Users\TEMP\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\TEMP\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\TEMP\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TM.blf ()
O4 - Startup: C:\Users\TEMP\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\TEMP\NTUSER.DAT{0509cabc-8276-11e0-bf3f-bde5ae9f88c2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\TEMP\ntuser.ini ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-3285435944-2673782006-698548661-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: careerbuilder.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: download.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: mainman.dcs ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: mastercontrol.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: miniaturemarket.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: openair.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: stewartcoopercoon.com ([]* in Trusted sites)
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} http://10.0.0.82/ShoreWareResources/ClientInstall/ShoretelClientInstall.ocx (Shoretel SClientInstall)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mainman.dcs
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BDD7AAE-2865-4F30-9819-017BF9564AA4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 23:46:07 | 000,000,000 | ---D | C] -- C:\Anything15183A
[2011/09/13 23:46:07 | 000,000,000 | ---D | C] -- \Anything15183A
[2011/09/13 23:44:00 | 000,000,000 | ---D | C] -- C:\Anything30629A
[2011/09/13 23:44:00 | 000,000,000 | ---D | C] -- \Anything30629A
[2011/09/13 23:36:37 | 000,000,000 | ---D | C] -- C:\Anything28886A
[2011/09/13 23:36:37 | 000,000,000 | ---D | C] -- \Anything28886A
[2011/09/13 23:22:29 | 000,000,000 | ---D | C] -- C:\Anything
[2011/09/13 23:22:29 | 000,000,000 | ---D | C] -- \Anything
[2011/09/13 23:22:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/09/13 23:22:01 | 000,000,000 | --SD | C] -- \32788R22FWJFW
[2011/09/10 23:10:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/10 23:10:45 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2011/09/09 18:31:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/09 18:31:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/09 18:31:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/09 18:31:16 | 000,000,000 | ---D | C] -- \ComboFix
[2011/09/02 09:19:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/09/02 09:19:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/09/02 09:19:37 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/09/02 09:19:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/09/02 09:19:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/09/02 09:19:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/09/02 09:19:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/09/02 09:19:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/09/02 09:19:36 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/09/01 17:36:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/09/01 17:36:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/09/01 17:36:22 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/09/01 17:36:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/09/01 17:36:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/09/01 17:36:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/09/01 17:36:22 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/09/01 17:36:22 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/09/01 17:36:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/09/01 17:36:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/09/01 17:36:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/09/01 17:36:15 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/09/01 17:36:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/09/01 17:36:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/09/01 17:36:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/09/01 17:36:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/09/01 17:36:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/09/01 17:36:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/09/01 17:36:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/09/01 17:36:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/09/01 17:36:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/09/01 17:36:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/09/01 17:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/01 17:36:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/09/01 17:36:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/09/01 17:36:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/09/01 17:36:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/09/01 17:36:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/09/01 17:36:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/09/01 17:36:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/09/01 17:36:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/09/01 17:36:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2011/09/01 17:36:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/09/01 17:36:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/09/01 17:36:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/09/01 17:36:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/09/01 17:36:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/09/01 17:36:09 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/09/01 17:36:08 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/09/01 17:36:08 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/30 16:35:39 | 000,000,000 | ---D | C] -- C:\Users\dward\New folder
[2011/08/19 11:02:28 | 000,144,160 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/08/19 11:02:28 | 000,026,104 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011/08/19 11:02:24 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011/08/19 10:56:41 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/08/19 10:56:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/08/19 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2011/07/12 15:55:18 | 000,014,928 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\sasdifsv64.sys
[2011/07/12 15:55:18 | 000,012,368 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\saskutil64.sys
[2011/06/30 07:50:13 | 002,988,928 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware.exe
[2011/05/04 11:55:20 | 000,411,008 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SSUpdate64.exe
[2011/05/04 11:55:09 | 000,128,384 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SASCore64.exe
[2010/06/29 11:48:34 | 001,401,856 | ---- | C] (SuperAntiSpyware.com) -- C:\Program Files (x86)\deupx2964.dll
[2010/01/07 14:12:12 | 000,190,976 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SASCTXMN64.DLL
[2004/05/07 16:31:40 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 20:45:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/14 20:20:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/14 19:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/14 16:46:51 | 000,734,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/14 16:46:51 | 000,629,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/14 16:46:51 | 000,108,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/13 23:59:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 23:59:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 23:52:18 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/13 23:50:51 | 3060,531,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 23:09:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/07 03:25:00 | 000,000,188 | ---- | M] () -- C:\Users\dward\defogger_reenable
[2011/08/28 07:22:11 | 000,001,234 | ---- | M] () -- C:\Users\dward\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/08/19 11:02:28 | 000,144,160 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/08/19 11:02:28 | 000,026,104 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011/08/19 11:02:25 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011/08/19 11:02:24 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011/08/19 09:44:48 | 000,001,798 | RHS- | M] () -- C:\Users\dward\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 18:32:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/09 18:32:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/09 18:31:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/09 18:31:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/09 18:31:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 03:25:00 | 000,000,188 | ---- | C] () -- C:\Users\dward\defogger_reenable
[2011/08/28 07:22:11 | 000,001,234 | ---- | C] () -- C:\Users\dward\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/23 00:20:22 | 000,027,648 | ---- | C] () -- C:\Program Files (x86)\Uninstall.dat
[2011/07/22 11:19:07 | 001,403,723 | ---- | C] () -- C:\Program Files (x86)\PROCESSLISTRELATED.DB
[2011/07/22 11:18:34 | 054,671,816 | ---- | C] () -- C:\Program Files (x86)\PROCESSLIST.DB
[2011/07/12 07:08:34 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/04 11:56:10 | 000,027,520 | ---- | C] () -- C:\Program Files (x86)\SASINST.EXE
[2011/03/30 17:41:32 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/02/13 22:17:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011/02/13 22:17:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011/02/13 22:17:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\diit7x7.dll
[2011/02/13 22:17:21 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\awrmncx.dll
[2011/02/13 22:17:21 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011/02/13 22:17:21 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\qmtn7ft.dll
[2011/02/13 22:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2011/02/13 22:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2011/02/13 22:17:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2011/02/13 22:17:20 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011/02/13 22:17:20 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011/02/13 22:17:20 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2011/02/13 22:17:17 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\jm1ixs2.dll
[2011/02/10 21:40:36 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/01/17 15:56:13 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/10 10:30:48 | 000,156,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/12/07 10:12:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 09:36:21 | 000,030,884 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/20 06:56:46 | 3060,531,200 | -HS- | C] () -- \hiberfil.sys
[2010/09/13 13:04:24 | 000,300,544 | ---- | C] () -- C:\Program Files (x86)\RUNSAS.EXE
[2010/08/25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/06/24 15:45:17 | 000,001,024 | ---- | C] () -- \.rnd
[2010/06/24 15:45:12 | 000,751,686 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/17 18:15:51 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/06/17 18:15:51 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/08/26 16:31:50 | 000,644,096 | ---- | C] () -- \tvtpwm_message_hook.dll
[2009/07/24 11:28:58 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/24 11:28:56 | 000,383,562 | RHS- | C] () -- \bootmgr
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/07/28 12:10:52 | 000,411,136 | ---- | C] () -- C:\Program Files (x86)\SASREPAIRS.STG
[2007/11/27 14:12:26 | 001,088,725 | ---- | C] () -- C:\Program Files (x86)\SUPERAntiSpyware.chm
[2006/12/02 00:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
[2004/05/20 14:28:44 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\detect.wav

< End of report >

#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 15 September 2011 - 12:44 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
     
:otl
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\dward\SAM.LOG1 - Shortcut.lnk = File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: careerbuilder.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: download.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: mainman.dcs ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: mastercontrol.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: miniaturemarket.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: openair.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: salesforce.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2826600035-753975784-1930528410-5880\..Trusted Domains: stewartcoopercoon.com ([]* in Trusted sites)
:Files
ipconfig /flushdns /c
:Commands
[PURITY] 
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

This post has been edited by gringo_pr: 16 September 2011 - 07:31 AM

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 16 September 2011 - 03:38 AM

I tried running it but it got stuck at -

Processing 03:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowswer - No CLSID value found....

It would just hang forever and not do anything. I attached a screenshot Attached File  OTL Screenshot.jpg (122.43K)
Number of downloads: 3 (hope that's ok).

-Gryphon

#14 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,504
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 16 September 2011 - 07:31 AM

I edited the script above so please try again


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   Gryphon410 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 31
  • Joined: 29-December 10

Posted 19 September 2011 - 02:15 AM

Here it is. Just so you know, I forgot to close out of Outlook and IE before I ran this. So let me know if you need me to run it again (if having those open may have been an issue).

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\Users\dward\SAM.LOG1 - Shortcut.lnk moved successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\careerbuilder.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mainman.dcs\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mastercontrol.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\miniaturemarket.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\openair.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\salesforce.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2826600035-753975784-1930528410-5880\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\stewartcoopercoon.com\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\dward\Desktop\cmd.bat deleted successfully.
C:\Users\dward\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 42280 bytes
-> No Temporary Internet Files cache folder defined!

User: cspackman
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: dward
-> No Temporary Internet Files cache folder defined!

User: hward
-> No Temporary Internet Files cache folder defined!

User: jdoe
-> No Temporary Internet Files cache folder defined!

User: jdoe.DWARD
-> No Temporary Internet Files cache folder defined!

User: Mcx1-DWARD
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Support
-> No Temporary Internet Files cache folder defined!

User: Sysadmin
-> No Temporary Internet Files cache folder defined!

User: TEMP
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4795165 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 4072434 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: cspackman

User: Default

User: dward

User: hward

User: jdoe

User: jdoe.DWARD

User: Mcx1-DWARD

User: Public

User: Support

User: Sysadmin

User: TEMP

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.28.0 log created on 09182011_222454

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM-1937495793\vmware-usbarb-SYSTEM-3528.log moved successfully.

Registry entries deleted on Reboot...

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users