What remains is a browser hijacker (or the like) that affects both Firefox and Explorer intermittently but consistently (yeah, that makes sense). It has caused Chrome to stop working entirely, even after an uninstall and reinstall (even when using a new user profile after the reinstall). Avast! will find and remove vulnerabilities when I run it, but different ones reappear soon or after a reboot (finds include JS:Prontexi as well as others). I have run Avast, Spybot, Malwarebytes, and Trend Micro AVs many times to no freakin' avail. I probably picked up the malware on the evening of the 25th (trying to find a driver for another PC), but it didn't explode until the morning of the 26th.
As you'll see from the files, I'm a fairly savvy user and can troubleshoot through a Linux live distro if it'll help. You'll also see that this is a work PC (with poor/no company tech support above my IT level), so I have replaced my company name in the log files with "company". Also, the IRIS9 entry in the hosts file is my add.
Thanks in advance for any help you can offer.
DDS (Ver_10-03-17.01) - NTFSx86
Run by tom at 18:26:51.21 on Tue 04/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2753 [GMT -5:00]
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {CC4AED51-AB92-4A33-8C71-B6FFEEC600C9}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {D0B4F86C-C0C5-4E61-A565-151AFE6BD5B6}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\brsvc01a.exe
C:\windows\system32\brss01a.exe
C:\windows\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system32\vmnat.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\windows\system32\vmnetdhcp.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\windows\system32\cidaemon.exe
C:\windows\system32\cidaemon.exe
C:\windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\AESTFltr.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Memento\Memento.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tom\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [PTOneClick] c:\program files\webex\productivity tools\ptoneclk.exe /AutoRunning="2"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\tom\startm~1\programs\startup\memento.lnk - c:\program files\memento\Memento.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: santsuite.com\hs2
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://trend.companynet.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} - hxxps://trend.companynet.com:4343/officescan/console/html/root/AtxPie.cab
DPF: {CAD4ADEB-C52B-4E83-A7D1-9C75E022ECCC} - hxxps://ds.conferenceservers.com/components/WDPLUGIN.CAB
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tgumerson.webex.com/client/T27L/webex/ieatgpc.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 192.168.0.2 IRIS9
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\1giknr7d.default\
FF - component: c:\documents and settings\tom\application data\mozilla\firefox\profiles\1giknr7d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\webex\productivity tools\components\ocff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F615FEBA-64A7-498A-AD85-729140A0E5F5} - c:\documents and settings\tom\local settings\application data\{F615FEBA-64A7-498A-AD85-729140A0E5F5}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-27 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-27 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-1-29 50192]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2008-11-26 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-11-26 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-10 24652]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-22 70704]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-1 108160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-1 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-1 110080]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-4-1 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-4-1 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-4-1 277504]
S0 cerc6;cerc6; [x]
S0 xgewhz;xgewhz;c:\windows\system32\drivers\xgewhz.sys [2010-4-26 0]
S2 gupdate1c9e95b517a2ddd;Google Update Service (gupdate1c9e95b517a2ddd);c:\program files\google\update\GoogleUpdate.exe [2009-6-9 133104]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-10 652552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
=============== Created Last 30 ================
2010-04-27 16:24:24 0 ----a-w- c:\documents and settings\tom\defogger_reenable
2010-04-27 13:12:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-27 11:31:24 0 d-----w- c:\windows\SxsCaPendDel
2010-04-27 01:51:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-26 17:40:48 0 d-----w- c:\docume~1\tom\applic~1\Malwarebytes
2010-04-26 17:40:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 17:40:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:40:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 17:40:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-26 13:16:16 120 ----a-w- c:\windows\Ngirasax.dat
2010-04-26 13:16:16 0 ----a-w- c:\windows\Arurinaqafotoced.bin
2010-04-26 13:15:46 0 ----a-w- c:\windows\system32\drivers\xgewhz.sys
2010-04-26 13:15:38 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-26 13:15:38 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-26 13:15:37 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-26 13:15:37 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-26 13:15:35 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-26 13:15:35 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-15 11:54:33 54156 ---ha-w- c:\windows\QTFont.qfn
2010-04-15 11:54:33 1409 ----a-w- c:\windows\QTFont.for
2010-04-09 18:15:49 0 d-----w- c:\program files\WebEx
2010-04-04 13:30:05 31280 ----a-r- c:\windows\system32\drivers\vmusb.sys
==================== Find3M ====================
2010-04-27 23:11:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-27 23:11:23 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-26 22:22:39 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 18:28:22.67 ===============