Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

***Possible Zero Access Rootkit?


  • This topic is locked This topic is locked
14 replies to this topic

#1 mattymatt

mattymatt

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 11 December 2011 - 09:06 PM

Hello,

I've been instructed to move my issues over to this thread from http://www.bleepingcomputer.com/forums/topic431884.html

Original issue was that my Google/Yahoo searches were being hijacked. The search itself wasnt hijacked, but if I clicked on any of the links on the searchpage it redirected me to some other weird search site. Also, my laptop is running VERY slow (40-100% memory usage)and my Outlook 2007 will not connect. After doing the steps given to in in the other thread, my computer seems to be running faster but the search is still hijacked and Outlook won't let me connect.

Thanks for your help!

Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by matt.thomas at 16:50:39 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.367 [GMT -5:00]
.
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\WebDrive\wdService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Nuance\OmniPageSE4\OpwareSE4.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\WINDOWS\TEMP\BC1C5F.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\documents and settings\matt.thomas\desktop\misc1\anti-adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\nuance\omnipagese4\OpwareSE4.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\matt~1.tho\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loader
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bloggi~1.lnk - c:\program files\sony\bloggie software\BGVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\biolsp.dll
LSP: mswsock.dll
Trusted Zone: gomyhit.com
Trusted Zone: listen.com\www
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://10.2.2.12:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps://asp21.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://10.2.2.12:4343/officescan/console/ClientInstall/setup.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://10.2.2.12:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://michiganheart.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{73FA15BD-EB5C-43E6-9329-76F2C740173D} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\documents and settings\matt.thomas\desktop\misc1\anti-adware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\matt.thomas\desktop\misc1\anti-adware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matt.thomas\application data\mozilla\firefox\profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\matt.thomas\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\matt.thomas\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\matt.thomas\application data\mozilla\plugins\npoff.dll
FF - plugin: c:\documents and settings\matt.thomas\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\documents and settings\matt.thomas\application data\mozilla\plugins\npwbe.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\sony\bloggie software\npsome.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [2009-3-26 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\desktop\misc1\anti-adware\SASDIFSV.SYS [2008-11-17 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\desktop\misc1\anti-adware\SASCORE.EXE [2010-12-7 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-7 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-6 366152]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-8-14 31232]
R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\OfcPfwSvc.exe [2007-3-29 282704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2007-9-17 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2007-9-17 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\webdrive\wdfsd.sys [2006-4-28 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-6 22216]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\desktop\saskutil.sys --> c:\documents and settings\matt.thomas\desktop\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\desktop\sasenum.sys --> c:\documents and settings\matt.thomas\desktop\SASENUM.SYS [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-6-10 176896]
.
=============== Created Last 30 ================
.
2011-12-11 16:36:11 -------- d-----w- C:\af81d5999af364f2a22add4f9da4383c
2011-12-05 15:03:50 -------- d-----w- c:\documents and settings\all users\application data\ResMed
2011-11-29 19:06:12 -------- d-----w- C:\EP2InstallLog
2011-11-29 19:00:44 -------- d-----w- c:\program files\ACR38_100_122 PCSC Driver
2011-11-29 18:42:22 -------- d-----w- c:\program files\ResMed
2011-11-29 18:40:12 -------- d-----w- c:\documents and settings\all users\application data\{740DA5E1-87B3-47BF-9A61-33426D495341}
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 19:19:10 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 16:53:25.35 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 12 December 2011 - 06:59 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 12 December 2011 - 11:57 PM

Thanks for taking on my "stuff"!

Here are the logs:

22:50:12.0875 2160 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:50:13.0296 2160 ============================================================
22:50:13.0296 2160 Current date / time: 2011/12/12 22:50:13.0296
22:50:13.0296 2160 SystemInfo:
22:50:13.0296 2160
22:50:13.0296 2160 OS Version: 5.1.2600 ServicePack: 3.0
22:50:13.0296 2160 Product type: Workstation
22:50:13.0296 2160 ComputerName: MDS0083
22:50:13.0296 2160 UserName: matt.thomas
22:50:13.0296 2160 Windows directory: C:\WINDOWS
22:50:13.0296 2160 System windows directory: C:\WINDOWS
22:50:13.0296 2160 Processor architecture: Intel x86
22:50:13.0296 2160 Number of processors: 2
22:50:13.0296 2160 Page size: 0x1000
22:50:13.0296 2160 Boot type: Normal boot
22:50:13.0296 2160 ============================================================
22:50:18.0765 2160 Initialize success
22:50:23.0890 3916 ============================================================
22:50:23.0890 3916 Scan started
22:50:23.0890 3916 Mode: Manual;
22:50:23.0890 3916 ============================================================
22:50:30.0984 3916 Abiosdsk - ok
22:50:31.0406 3916 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:50:31.0531 3916 abp480n5 - ok
22:50:32.0062 3916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:50:32.0234 3916 ACPI - ok
22:50:32.0937 3916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:50:32.0984 3916 ACPIEC - ok
22:50:33.0156 3916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:50:33.0203 3916 adpu160m - ok
22:50:33.0296 3916 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\WINDOWS\system32\Drivers\adsexpb.SYS
22:50:33.0328 3916 ADSEXPB - ok
22:50:33.0437 3916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:50:33.0484 3916 aec - ok
22:50:33.0562 3916 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:50:33.0609 3916 AFD - ok
22:50:33.0671 3916 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
22:50:33.0687 3916 AFS2K - ok
22:50:33.0765 3916 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:50:33.0781 3916 agp440 - ok
22:50:33.0812 3916 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:50:33.0828 3916 agpCPQ - ok
22:50:33.0906 3916 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:50:33.0953 3916 Aha154x - ok
22:50:34.0031 3916 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:50:34.0046 3916 aic78u2 - ok
22:50:34.0250 3916 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:50:34.0312 3916 aic78xx - ok
22:50:34.0531 3916 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:50:34.0562 3916 AliIde - ok
22:50:34.0703 3916 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:50:34.0750 3916 alim1541 - ok
22:50:34.0796 3916 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:50:34.0812 3916 amdagp - ok
22:50:34.0921 3916 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:50:34.0968 3916 amsint - ok
22:50:35.0078 3916 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:50:35.0125 3916 ApfiltrService - ok
22:50:35.0218 3916 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
22:50:35.0234 3916 APPDRV - ok
22:50:35.0296 3916 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:50:35.0312 3916 Arp1394 - ok
22:50:35.0421 3916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:50:35.0453 3916 asc - ok
22:50:35.0484 3916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:50:35.0515 3916 asc3350p - ok
22:50:35.0890 3916 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:50:35.0906 3916 asc3550 - ok
22:50:36.0171 3916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:50:36.0187 3916 AsyncMac - ok
22:50:36.0250 3916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:50:36.0250 3916 atapi - ok
22:50:36.0265 3916 Atdisk - ok
22:50:36.0312 3916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:50:36.0328 3916 Atmarpc - ok
22:50:36.0437 3916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:50:36.0453 3916 audstub - ok
22:50:36.0531 3916 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:50:36.0562 3916 b57w2k - ok
22:50:36.0671 3916 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
22:50:36.0687 3916 BASFND - ok
22:50:36.0796 3916 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:50:36.0906 3916 BCM43XX - ok
22:50:37.0031 3916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:50:37.0046 3916 Beep - ok
22:50:37.0125 3916 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:50:37.0140 3916 BrScnUsb - ok
22:50:37.0187 3916 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:50:37.0218 3916 BrSerIf - ok
22:50:37.0281 3916 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:50:37.0296 3916 BrUsbSer - ok
22:50:37.0328 3916 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:50:37.0343 3916 cbidf - ok
22:50:37.0437 3916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:50:37.0437 3916 cbidf2k - ok
22:50:37.0515 3916 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:50:37.0531 3916 CCDECODE - ok
22:50:37.0578 3916 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:50:37.0593 3916 cd20xrnt - ok
22:50:37.0609 3916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:50:37.0625 3916 Cdaudio - ok
22:50:37.0687 3916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:50:37.0703 3916 Cdfs - ok
22:50:37.0796 3916 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
22:50:37.0812 3916 cdrbsdrv - ok
22:50:37.0859 3916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:50:37.0875 3916 Cdrom - ok
22:50:37.0921 3916 Changer - ok
22:50:37.0984 3916 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:50:38.0000 3916 CmBatt - ok
22:50:38.0046 3916 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:50:38.0078 3916 CmdIde - ok
22:50:38.0156 3916 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:50:38.0171 3916 Compbatt - ok
22:50:38.0234 3916 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:50:38.0250 3916 Cpqarray - ok
22:50:38.0468 3916 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:50:38.0484 3916 CVirtA - ok
22:50:38.0609 3916 CVPNDRVA (b4ee6bf210982d31e56cd526eb7e0cb6) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:50:38.0656 3916 CVPNDRVA - ok
22:50:38.0781 3916 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:50:38.0843 3916 dac2w2k - ok
22:50:38.0875 3916 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:50:38.0890 3916 dac960nt - ok
22:50:38.0968 3916 DgiVecp (1ec27a51a2f9df052bc2b4c8376c8fea) C:\WINDOWS\system32\Drivers\DgiVecp.sys
22:50:38.0984 3916 DgiVecp - ok
22:50:39.0031 3916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:50:39.0046 3916 Disk - ok
22:50:39.0125 3916 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
22:50:39.0140 3916 DLABMFSM - ok
22:50:39.0296 3916 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:50:39.0312 3916 DLABOIOM - ok
22:50:39.0343 3916 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:50:39.0359 3916 DLACDBHM - ok
22:50:39.0390 3916 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
22:50:39.0406 3916 DLADResM - ok
22:50:39.0468 3916 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:50:39.0500 3916 DLAIFS_M - ok
22:50:39.0531 3916 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:50:39.0546 3916 DLAOPIOM - ok
22:50:39.0640 3916 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:50:39.0656 3916 DLAPoolM - ok
22:50:39.0703 3916 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
22:50:39.0718 3916 DLARTL_M - ok
22:50:39.0765 3916 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:50:39.0796 3916 DLAUDFAM - ok
22:50:39.0828 3916 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:50:39.0859 3916 DLAUDF_M - ok
22:50:39.0937 3916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:50:40.0000 3916 dmboot - ok
22:50:40.0093 3916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:50:40.0125 3916 dmio - ok
22:50:40.0156 3916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:50:40.0171 3916 dmload - ok
22:50:40.0218 3916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:50:40.0250 3916 DMusic - ok
22:50:40.0296 3916 DNE (f3d3e0d3fefac57ed1ecadfe746e52f3) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:50:40.0328 3916 DNE - ok
22:50:40.0359 3916 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:50:40.0375 3916 dpti2o - ok
22:50:40.0468 3916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:50:40.0484 3916 drmkaud - ok
22:50:40.0609 3916 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:50:40.0640 3916 DRVMCDB - ok
22:50:40.0687 3916 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:50:40.0703 3916 DRVNDDM - ok
22:50:40.0781 3916 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
22:50:40.0812 3916 DXEC01 - ok
22:50:40.0859 3916 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:50:40.0890 3916 E100B - ok
22:50:40.0984 3916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:50:41.0015 3916 Fastfat - ok
22:50:41.0109 3916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:50:41.0140 3916 Fdc - ok
22:50:41.0187 3916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:50:41.0218 3916 Fips - ok
22:50:41.0265 3916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:50:41.0281 3916 Flpydisk - ok
22:50:41.0343 3916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:50:41.0375 3916 FltMgr - ok
22:50:41.0406 3916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:50:41.0421 3916 Fs_Rec - ok
22:50:41.0515 3916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:50:41.0546 3916 Ftdisk - ok
22:50:41.0640 3916 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:50:41.0656 3916 GEARAspiWDM - ok
22:50:41.0703 3916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:50:41.0718 3916 Gpc - ok
22:50:41.0765 3916 guardian2 (7dadeb7f2215b1f883267cad67f091c1) C:\WINDOWS\system32\Drivers\oz776.sys
22:50:41.0796 3916 guardian2 - ok
22:50:41.0859 3916 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:50:41.0875 3916 HDAudBus - ok
22:50:41.0921 3916 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:50:41.0937 3916 HidUsb - ok
22:50:42.0000 3916 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:50:42.0015 3916 hpn - ok
22:50:42.0078 3916 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:50:42.0109 3916 HPZid412 - ok
22:50:42.0234 3916 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:50:42.0250 3916 HPZipr12 - ok
22:50:42.0312 3916 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:50:42.0343 3916 HPZius12 - ok
22:50:42.0437 3916 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:50:42.0484 3916 HSFHWAZL - ok
22:50:42.0546 3916 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:50:42.0703 3916 HSF_DPV - ok
22:50:42.0812 3916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:50:42.0843 3916 HTTP - ok
22:50:42.0953 3916 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:50:42.0953 3916 i2omgmt - ok
22:50:43.0000 3916 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:50:43.0015 3916 i2omp - ok
22:50:43.0062 3916 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:50:43.0078 3916 i8042prt - ok
22:50:43.0937 3916 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:50:44.0328 3916 ialm - ok
22:50:44.0437 3916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:50:44.0468 3916 Imapi - ok
22:50:44.0531 3916 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:50:44.0546 3916 ini910u - ok
22:50:44.0578 3916 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:50:44.0593 3916 IntelIde - ok
22:50:44.0640 3916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:50:44.0671 3916 intelppm - ok
22:50:44.0718 3916 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:50:44.0734 3916 Ip6Fw - ok
22:50:44.0781 3916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:50:44.0812 3916 IpFilterDriver - ok
22:50:44.0953 3916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:50:44.0968 3916 IpInIp - ok
22:50:45.0015 3916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:50:45.0046 3916 IpNat - ok
22:50:45.0093 3916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:50:45.0125 3916 IPSec - ok
22:50:45.0156 3916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:50:45.0187 3916 IRENUM - ok
22:50:45.0218 3916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:50:45.0296 3916 isapnp - ok
22:50:45.0375 3916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:50:45.0406 3916 Kbdclass - ok
22:50:45.0531 3916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:50:45.0578 3916 kmixer - ok
22:50:45.0718 3916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:50:45.0750 3916 KSecDD - ok
22:50:45.0828 3916 lbrtfdc - ok
22:50:45.0968 3916 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
22:50:46.0000 3916 LMIInfo - ok
22:50:46.0156 3916 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
22:50:46.0203 3916 lmimirr - ok
22:50:46.0328 3916 LMIRfsClientNP - ok
22:50:46.0406 3916 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
22:50:46.0453 3916 LMIRfsDriver - ok
22:50:46.0531 3916 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:50:46.0562 3916 MBAMProtector - ok
22:50:46.0578 3916 MBAMSwissArmy - ok
22:50:46.0593 3916 MCSTRM - ok
22:50:46.0671 3916 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:50:46.0687 3916 mdmxsdk - ok
22:50:46.0734 3916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:50:46.0734 3916 mnmdd - ok
22:50:46.0843 3916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:50:46.0859 3916 Modem - ok
22:50:46.0890 3916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:50:46.0921 3916 Mouclass - ok
22:50:46.0984 3916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:50:47.0000 3916 mouhid - ok
22:50:47.0046 3916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:50:47.0062 3916 MountMgr - ok
22:50:47.0125 3916 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:50:47.0140 3916 mraid35x - ok
22:50:47.0187 3916 MREMPR5 - ok
22:50:47.0187 3916 MRENDIS5 - ok
22:50:47.0281 3916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:50:47.0328 3916 MRxDAV - ok
22:50:47.0406 3916 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:50:47.0515 3916 MRxSmb - ok
22:50:47.0625 3916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:50:47.0640 3916 Msfs - ok
22:50:47.0703 3916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:50:47.0718 3916 MSKSSRV - ok
22:50:47.0875 3916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:50:47.0890 3916 MSPCLOCK - ok
22:50:47.0953 3916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:50:47.0968 3916 MSPQM - ok
22:50:48.0031 3916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:50:48.0046 3916 mssmbios - ok
22:50:48.0109 3916 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:50:48.0125 3916 MSTEE - ok
22:50:48.0234 3916 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:50:48.0265 3916 Mup - ok
22:50:48.0343 3916 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:50:48.0406 3916 NABTSFEC - ok
22:50:48.0500 3916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:50:48.0562 3916 NDIS - ok
22:50:48.0640 3916 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:50:48.0671 3916 NdisIP - ok
22:50:48.0734 3916 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:50:48.0765 3916 NdisTapi - ok
22:50:48.0843 3916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:50:48.0875 3916 Ndisuio - ok
22:50:48.0921 3916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:50:48.0937 3916 NdisWan - ok
22:50:49.0015 3916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:50:49.0031 3916 NDProxy - ok
22:50:49.0125 3916 NEOFLTR_630_14121 (d68beba9074c2aa5ce78560a1bb0fbf4) C:\WINDOWS\system32\Drivers\NEOFLTR_630_14121.SYS
22:50:49.0140 3916 NEOFLTR_630_14121 - ok
22:50:49.0203 3916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:50:49.0234 3916 NetBIOS - ok
22:50:49.0312 3916 NetBT (e67c98f0a21b745d50082ae9c095795b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:50:49.0343 3916 NetBT - ok
22:50:49.0406 3916 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:50:49.0453 3916 NIC1394 - ok
22:50:49.0515 3916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:50:49.0562 3916 Npfs - ok
22:50:49.0656 3916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:50:49.0734 3916 Ntfs - ok
22:50:49.0828 3916 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:50:49.0843 3916 NuidFltr - ok
22:50:49.0859 3916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:50:49.0875 3916 Null - ok
22:50:49.0984 3916 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:50:50.0062 3916 nv - ok
22:50:50.0187 3916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:50:50.0203 3916 NwlnkFlt - ok
22:50:50.0250 3916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:50:50.0281 3916 NwlnkFwd - ok
22:50:50.0343 3916 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:50:50.0375 3916 ohci1394 - ok
22:50:50.0421 3916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:50:50.0453 3916 Parport - ok
22:50:50.0500 3916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:50:50.0515 3916 PartMgr - ok
22:50:50.0578 3916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:50:50.0593 3916 ParVdm - ok
22:50:50.0687 3916 PBADRV (e3e6e724d6a82ab6a2afbcb21180ffce) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
22:50:50.0703 3916 PBADRV - ok
22:50:50.0750 3916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:50:50.0781 3916 PCI - ok
22:50:50.0828 3916 PCIDump - ok
22:50:50.0890 3916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:50:50.0890 3916 PCIIde - ok
22:50:50.0968 3916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:50:51.0031 3916 Pcmcia - ok
22:50:51.0046 3916 PDCOMP - ok
22:50:51.0062 3916 PDFRAME - ok
22:50:51.0078 3916 PDRELI - ok
22:50:51.0093 3916 PDRFRAME - ok
22:50:51.0125 3916 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:50:51.0156 3916 perc2 - ok
22:50:51.0250 3916 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:50:51.0265 3916 perc2hib - ok
22:50:51.0328 3916 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
22:50:51.0343 3916 pfc - ok
22:50:51.0437 3916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:50:51.0453 3916 PptpMiniport - ok
22:50:51.0515 3916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:50:51.0531 3916 PSched - ok
22:50:51.0562 3916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:50:51.0578 3916 Ptilink - ok
22:50:51.0640 3916 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:50:51.0687 3916 PxHelp20 - ok
22:50:51.0812 3916 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:50:51.0828 3916 ql1080 - ok
22:50:51.0906 3916 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:50:51.0937 3916 Ql10wnt - ok
22:50:51.0968 3916 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:50:51.0984 3916 ql12160 - ok
22:50:52.0031 3916 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:50:52.0062 3916 ql1240 - ok
22:50:52.0078 3916 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:50:52.0109 3916 ql1280 - ok
22:50:52.0187 3916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:50:52.0203 3916 RasAcd - ok
22:50:52.0312 3916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:50:52.0328 3916 Rasl2tp - ok
22:50:52.0375 3916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:50:52.0390 3916 RasPppoe - ok
22:50:52.0421 3916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:50:52.0453 3916 Raspti - ok
22:50:52.0515 3916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:50:52.0546 3916 Rdbss - ok
22:50:52.0578 3916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:50:52.0593 3916 RDPCDD - ok
22:50:52.0687 3916 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:50:52.0718 3916 rdpdr - ok
22:50:52.0812 3916 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:50:52.0843 3916 RDPWD - ok
22:50:52.0906 3916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:50:52.0937 3916 redbook - ok
22:50:53.0140 3916 SASDIFSV (39763504067962108505bff25f024345) C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS
22:50:53.0156 3916 SASDIFSV - ok
22:50:53.0156 3916 SASENUM - ok
22:50:53.0171 3916 SASKUTIL - ok
22:50:53.0343 3916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:50:53.0359 3916 Secdrv - ok
22:50:53.0484 3916 Ser2pl (de0a165d9f8ea295e62ea702ef2f8125) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
22:50:53.0500 3916 Ser2pl - ok
22:50:53.0562 3916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:50:53.0578 3916 serenum - ok
22:50:53.0625 3916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:50:53.0656 3916 Serial - ok
22:50:53.0671 3916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:50:53.0687 3916 Sfloppy - ok
22:50:53.0718 3916 Simbad - ok
22:50:53.0781 3916 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:50:53.0796 3916 sisagp - ok
22:50:53.0859 3916 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:50:53.0875 3916 SLIP - ok
22:50:54.0015 3916 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
22:50:54.0046 3916 sonypvs1 - ok
22:50:54.0109 3916 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:50:54.0125 3916 SONYPVU1 - ok
22:50:54.0203 3916 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:50:54.0218 3916 Sparrow - ok
22:50:54.0296 3916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:50:54.0312 3916 splitter - ok
22:50:54.0437 3916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:50:54.0453 3916 sr - ok
22:50:54.0515 3916 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:50:54.0578 3916 Srv - ok
22:50:54.0703 3916 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
22:50:54.0828 3916 STHDA - ok
22:50:54.0984 3916 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:50:55.0000 3916 streamip - ok
22:50:55.0031 3916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:50:55.0046 3916 swenum - ok
22:50:55.0093 3916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:50:55.0125 3916 swmidi - ok
22:50:55.0171 3916 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:50:55.0187 3916 symc810 - ok
22:50:55.0218 3916 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:50:55.0234 3916 symc8xx - ok
22:50:55.0343 3916 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:50:55.0359 3916 sym_hi - ok
22:50:55.0390 3916 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:50:55.0421 3916 sym_u3 - ok
22:50:55.0500 3916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:50:55.0515 3916 sysaudio - ok
22:50:55.0578 3916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:50:55.0625 3916 Tcpip - ok
22:50:55.0703 3916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:50:55.0718 3916 TDPIPE - ok
22:50:55.0781 3916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:50:55.0796 3916 TDTCP - ok
22:50:55.0859 3916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:50:55.0875 3916 TermDD - ok
22:50:55.0937 3916 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
22:50:55.0953 3916 tmcomm - ok
22:50:56.0062 3916 TmFilter (3e615f370f0c7db414b6bcd1c18399d4) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
22:50:56.0187 3916 TmFilter - ok
22:50:56.0234 3916 TmPreFilter (c7c7959ec0940e0eddfc881fed8ec214) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
22:50:56.0250 3916 TmPreFilter - ok
22:50:56.0343 3916 TM_CFW (6ebec57eb4b4b29c8a90d3c32a588f3e) C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys
22:50:56.0609 3916 TM_CFW - ok
22:50:56.0734 3916 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:50:56.0750 3916 TosIde - ok
22:50:56.0812 3916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:50:56.0828 3916 Udfs - ok
22:50:56.0890 3916 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:50:56.0921 3916 ultra - ok
22:50:56.0984 3916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:50:57.0015 3916 Update - ok
22:50:57.0093 3916 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:50:57.0156 3916 USBAAPL - ok
22:50:57.0281 3916 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:50:57.0312 3916 usbaudio - ok
22:50:57.0359 3916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:50:57.0375 3916 usbccgp - ok
22:50:57.0421 3916 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:50:57.0437 3916 usbehci - ok
22:50:57.0484 3916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:50:57.0500 3916 usbhub - ok
22:50:57.0562 3916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:50:57.0593 3916 usbprint - ok
22:50:57.0640 3916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:50:57.0656 3916 usbscan - ok
22:50:57.0703 3916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:50:57.0718 3916 USBSTOR - ok
22:50:57.0781 3916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:50:57.0796 3916 usbuhci - ok
22:50:57.0906 3916 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:50:57.0921 3916 usb_rndisx - ok
22:50:57.0968 3916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:50:57.0984 3916 VgaSave - ok
22:50:58.0062 3916 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:50:58.0078 3916 viaagp - ok
22:50:58.0109 3916 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:50:58.0125 3916 ViaIde - ok
22:50:58.0156 3916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:50:58.0171 3916 VolSnap - ok
22:50:58.0312 3916 VSApiNt (60dfbc34228ca36221b03460789f5d4e) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
22:50:58.0406 3916 VSApiNt - ok
22:50:58.0531 3916 vsdatant (57009a8610a4e1f5ed333f543224516a) C:\WINDOWS\system32\vsdatant.sys
22:50:58.0609 3916 vsdatant - ok
22:50:58.0687 3916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:50:58.0718 3916 Wanarp - ok
22:50:58.0828 3916 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:50:58.0921 3916 Wdf01000 - ok
22:50:58.0968 3916 WDICA - ok
22:50:59.0046 3916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:50:59.0093 3916 wdmaud - ok
22:50:59.0187 3916 WebDriveFSD (e5ca8571ff00fe7ee3d667fe0cc147c5) C:\Program Files\WebDrive\wdfsd.sys
22:50:59.0281 3916 WebDriveFSD - ok
22:50:59.0375 3916 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:50:59.0640 3916 winachsf - ok
22:50:59.0781 3916 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:50:59.0812 3916 WinUSB - ok
22:50:59.0859 3916 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:50:59.0875 3916 WmiAcpi - ok
22:50:59.0937 3916 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:50:59.0968 3916 WpdUsb - ok
22:51:00.0031 3916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:51:00.0046 3916 WS2IFSL - ok
22:51:00.0093 3916 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:51:00.0093 3916 WSTCODEC - ok
22:51:00.0171 3916 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:51:00.0187 3916 WudfPf - ok
22:51:00.0296 3916 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:51:00.0328 3916 WudfRd - ok
22:51:00.0375 3916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:51:00.0500 3916 \Device\Harddisk0\DR0 - ok
22:51:00.0500 3916 Boot (0x1200) (fe6734fbb0c47b2335e6cd0179c90303) \Device\Harddisk0\DR0\Partition0
22:51:00.0500 3916 \Device\Harddisk0\DR0\Partition0 - ok
22:51:00.0515 3916 ============================================================
22:51:00.0515 3916 Scan finished
22:51:00.0515 3916 ============================================================
22:51:00.0515 5620 Detected object count: 0
22:51:00.0515 5620 Actual detected object count: 0
22:53:20.0484 4816 ============================================================
22:53:20.0484 4816 Scan started
22:53:20.0484 4816 Mode: Manual;
22:53:20.0484 4816 ============================================================
22:53:34.0609 4816 Abiosdsk - ok
22:53:35.0046 4816 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:53:35.0062 4816 abp480n5 - ok
22:53:35.0343 4816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:53:35.0375 4816 ACPI - ok
22:53:35.0656 4816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:53:35.0671 4816 ACPIEC - ok
22:53:36.0093 4816 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:53:36.0125 4816 adpu160m - ok
22:53:36.0296 4816 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\WINDOWS\system32\Drivers\adsexpb.SYS
22:53:36.0328 4816 ADSEXPB - ok
22:53:36.0578 4816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:53:36.0593 4816 aec - ok
22:53:36.0953 4816 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:53:36.0984 4816 AFD - ok
22:53:37.0203 4816 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
22:53:37.0218 4816 AFS2K - ok
22:53:37.0406 4816 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:53:37.0437 4816 agp440 - ok
22:53:37.0578 4816 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:53:37.0609 4816 agpCPQ - ok
22:53:37.0890 4816 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:53:37.0906 4816 Aha154x - ok
22:53:38.0125 4816 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:53:38.0140 4816 aic78u2 - ok
22:53:38.0343 4816 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:53:38.0359 4816 aic78xx - ok
22:53:38.0781 4816 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:53:38.0796 4816 AliIde - ok
22:53:38.0859 4816 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:53:38.0890 4816 alim1541 - ok
22:53:38.0953 4816 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:53:38.0984 4816 amdagp - ok
22:53:39.0062 4816 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:53:39.0093 4816 amsint - ok
22:53:39.0156 4816 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:53:39.0187 4816 ApfiltrService - ok
22:53:39.0515 4816 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
22:53:39.0531 4816 APPDRV - ok
22:53:40.0671 4816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:53:40.0687 4816 Arp1394 - ok
22:53:41.0468 4816 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:53:41.0500 4816 asc - ok
22:53:41.0953 4816 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:53:41.0984 4816 asc3350p - ok
22:53:42.0750 4816 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:53:42.0765 4816 asc3550 - ok
22:53:43.0734 4816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:53:43.0750 4816 AsyncMac - ok
22:53:44.0734 4816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:53:44.0765 4816 atapi - ok
22:53:45.0171 4816 Atdisk - ok
22:53:45.0453 4816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:53:45.0468 4816 Atmarpc - ok
22:53:46.0250 4816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:53:46.0265 4816 audstub - ok
22:53:46.0625 4816 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:53:46.0656 4816 b57w2k - ok
22:53:47.0031 4816 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
22:53:47.0046 4816 BASFND - ok
22:53:47.0359 4816 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:53:47.0453 4816 BCM43XX - ok
22:53:48.0062 4816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:53:48.0078 4816 Beep - ok
22:53:48.0468 4816 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:53:48.0500 4816 BrScnUsb - ok
22:53:48.0718 4816 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:53:48.0750 4816 BrSerIf - ok
22:53:49.0078 4816 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:53:49.0093 4816 BrUsbSer - ok
22:53:49.0312 4816 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:53:49.0343 4816 cbidf - ok
22:53:49.0390 4816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:53:49.0390 4816 cbidf2k - ok
22:53:49.0515 4816 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:53:49.0531 4816 CCDECODE - ok
22:53:49.0562 4816 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:53:49.0578 4816 cd20xrnt - ok
22:53:49.0671 4816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:53:49.0687 4816 Cdaudio - ok
22:53:49.0765 4816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:53:49.0796 4816 Cdfs - ok
22:53:49.0890 4816 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
22:53:49.0921 4816 cdrbsdrv - ok
22:53:50.0015 4816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:53:50.0031 4816 Cdrom - ok
22:53:50.0093 4816 Changer - ok
22:53:50.0203 4816 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:53:50.0218 4816 CmBatt - ok
22:53:50.0359 4816 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:53:50.0375 4816 CmdIde - ok
22:53:50.0484 4816 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:53:50.0500 4816 Compbatt - ok
22:53:50.0703 4816 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:53:50.0718 4816 Cpqarray - ok
22:53:51.0000 4816 CVirtA (cb7d7c0e74adcb7da96d08ec8db86062) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:53:51.0015 4816 CVirtA - ok
22:53:51.0187 4816 CVPNDRVA (b4ee6bf210982d31e56cd526eb7e0cb6) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:53:51.0218 4816 CVPNDRVA - ok
22:53:51.0359 4816 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:53:51.0406 4816 dac2w2k - ok
22:53:51.0468 4816 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:53:51.0500 4816 dac960nt - ok
22:53:51.0625 4816 DgiVecp (1ec27a51a2f9df052bc2b4c8376c8fea) C:\WINDOWS\system32\Drivers\DgiVecp.sys
22:53:51.0640 4816 DgiVecp - ok
22:53:51.0796 4816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:53:51.0812 4816 Disk - ok
22:53:51.0890 4816 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
22:53:51.0921 4816 DLABMFSM - ok
22:53:51.0968 4816 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:53:52.0000 4816 DLABOIOM - ok
22:53:52.0187 4816 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:53:52.0203 4816 DLACDBHM - ok
22:53:52.0328 4816 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
22:53:52.0343 4816 DLADResM - ok
22:53:52.0546 4816 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:53:52.0578 4816 DLAIFS_M - ok
22:53:53.0375 4816 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:53:53.0390 4816 DLAOPIOM - ok
22:53:53.0796 4816 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:53:53.0812 4816 DLAPoolM - ok
22:53:54.0093 4816 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
22:53:54.0125 4816 DLARTL_M - ok
22:53:54.0421 4816 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:53:54.0437 4816 DLAUDFAM - ok
22:53:54.0687 4816 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:53:54.0718 4816 DLAUDF_M - ok
22:53:54.0921 4816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:53:54.0968 4816 dmboot - ok
22:53:55.0171 4816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:53:55.0187 4816 dmio - ok
22:53:55.0421 4816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:53:55.0437 4816 dmload - ok
22:53:55.0781 4816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:53:55.0796 4816 DMusic - ok
22:53:56.0031 4816 DNE (f3d3e0d3fefac57ed1ecadfe746e52f3) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:53:56.0062 4816 DNE - ok
22:53:56.0312 4816 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:53:56.0328 4816 dpti2o - ok
22:53:56.0593 4816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:53:56.0609 4816 drmkaud - ok
22:53:56.0875 4816 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:53:56.0906 4816 DRVMCDB - ok
22:53:57.0125 4816 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:53:57.0156 4816 DRVNDDM - ok
22:53:57.0390 4816 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
22:53:57.0421 4816 DXEC01 - ok
22:53:57.0578 4816 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:53:57.0609 4816 E100B - ok
22:53:57.0968 4816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:53:58.0000 4816 Fastfat - ok
22:53:58.0171 4816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:53:58.0187 4816 Fdc - ok
22:53:58.0234 4816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:53:58.0265 4816 Fips - ok
22:53:58.0296 4816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:53:58.0312 4816 Flpydisk - ok
22:53:58.0359 4816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:53:58.0390 4816 FltMgr - ok
22:53:58.0437 4816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:53:58.0453 4816 Fs_Rec - ok
22:53:58.0484 4816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:53:58.0515 4816 Ftdisk - ok
22:53:58.0625 4816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:53:58.0640 4816 GEARAspiWDM - ok
22:53:58.0718 4816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:53:58.0750 4816 Gpc - ok
22:53:58.0984 4816 guardian2 (7dadeb7f2215b1f883267cad67f091c1) C:\WINDOWS\system32\Drivers\oz776.sys
22:53:59.0000 4816 guardian2 - ok
22:53:59.0109 4816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:53:59.0125 4816 HDAudBus - ok
22:53:59.0312 4816 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:53:59.0328 4816 HidUsb - ok
22:53:59.0468 4816 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:53:59.0484 4816 hpn - ok
22:53:59.0703 4816 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:53:59.0734 4816 HPZid412 - ok
22:53:59.0890 4816 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:53:59.0906 4816 HPZipr12 - ok
22:54:00.0031 4816 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:54:00.0046 4816 HPZius12 - ok
22:54:00.0156 4816 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:54:00.0187 4816 HSFHWAZL - ok
22:54:00.0375 4816 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:54:00.0437 4816 HSF_DPV - ok
22:54:00.0531 4816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:54:00.0562 4816 HTTP - ok
22:54:00.0625 4816 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:54:00.0640 4816 i2omgmt - ok
22:54:00.0765 4816 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:54:00.0781 4816 i2omp - ok
22:54:00.0921 4816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:54:00.0953 4816 i8042prt - ok
22:54:01.0265 4816 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:54:01.0500 4816 ialm - ok
22:54:01.0640 4816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:54:01.0656 4816 Imapi - ok
22:54:02.0031 4816 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:54:02.0046 4816 ini910u - ok
22:54:02.0109 4816 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:54:02.0125 4816 IntelIde - ok
22:54:02.0187 4816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:54:02.0218 4816 intelppm - ok
22:54:02.0328 4816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:54:02.0359 4816 Ip6Fw - ok
22:54:02.0546 4816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:54:02.0578 4816 IpFilterDriver - ok
22:54:02.0703 4816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:54:02.0718 4816 IpInIp - ok
22:54:02.0875 4816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:54:02.0906 4816 IpNat - ok
22:54:03.0171 4816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:54:03.0203 4816 IPSec - ok
22:54:03.0406 4816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:54:03.0421 4816 IRENUM - ok
22:54:03.0562 4816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:54:03.0625 4816 isapnp - ok
22:54:03.0703 4816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:54:03.0734 4816 Kbdclass - ok
22:54:03.0875 4816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:54:03.0906 4816 kmixer - ok
22:54:04.0109 4816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:54:04.0125 4816 KSecDD - ok
22:54:04.0281 4816 lbrtfdc - ok
22:54:04.0593 4816 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
22:54:04.0609 4816 LMIInfo - ok
22:54:04.0750 4816 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
22:54:04.0765 4816 lmimirr - ok
22:54:05.0015 4816 LMIRfsClientNP - ok
22:54:05.0109 4816 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
22:54:05.0125 4816 LMIRfsDriver - ok
22:54:05.0375 4816 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:54:05.0390 4816 MBAMProtector - ok
22:54:05.0609 4816 MBAMSwissArmy - ok
22:54:05.0703 4816 MCSTRM - ok
22:54:05.0859 4816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:54:05.0890 4816 mdmxsdk - ok
22:54:06.0078 4816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:54:06.0093 4816 mnmdd - ok
22:54:06.0296 4816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:54:06.0328 4816 Modem - ok
22:54:06.0390 4816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:54:06.0406 4816 Mouclass - ok
22:54:06.0531 4816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:54:06.0562 4816 mouhid - ok
22:54:06.0734 4816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:54:06.0765 4816 MountMgr - ok
22:54:06.0953 4816 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:54:06.0968 4816 mraid35x - ok
22:54:07.0125 4816 MREMPR5 - ok
22:54:07.0187 4816 MRENDIS5 - ok
22:54:07.0265 4816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:54:07.0296 4816 MRxDAV - ok
22:54:07.0406 4816 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:54:07.0468 4816 MRxSmb - ok
22:54:07.0546 4816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:54:07.0562 4816 Msfs - ok
22:54:07.0609 4816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:54:07.0625 4816 MSKSSRV - ok
22:54:07.0750 4816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:54:07.0765 4816 MSPCLOCK - ok
22:54:07.0906 4816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:54:07.0921 4816 MSPQM - ok
22:54:07.0984 4816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:54:08.0000 4816 mssmbios - ok
22:54:08.0171 4816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:54:08.0171 4816 MSTEE - ok
22:54:08.0250 4816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:54:08.0281 4816 Mup - ok
22:54:08.0421 4816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:54:08.0453 4816 NABTSFEC - ok
22:54:08.0750 4816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:54:08.0796 4816 NDIS - ok
22:54:09.0062 4816 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:54:09.0062 4816 NdisIP - ok
22:54:09.0265 4816 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:54:09.0281 4816 NdisTapi - ok
22:54:09.0484 4816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:54:09.0500 4816 Ndisuio - ok
22:54:09.0609 4816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:54:09.0625 4816 NdisWan - ok
22:54:09.0750 4816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:54:09.0781 4816 NDProxy - ok
22:54:09.0906 4816 NEOFLTR_630_14121 (d68beba9074c2aa5ce78560a1bb0fbf4) C:\WINDOWS\system32\Drivers\NEOFLTR_630_14121.SYS
22:54:09.0921 4816 NEOFLTR_630_14121 - ok
22:54:10.0125 4816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:54:10.0140 4816 NetBIOS - ok
22:54:10.0203 4816 NetBT (e67c98f0a21b745d50082ae9c095795b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:54:10.0218 4816 NetBT - ok
22:54:10.0531 4816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:54:10.0546 4816 NIC1394 - ok
22:54:10.0843 4816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:54:10.0859 4816 Npfs - ok
22:54:11.0000 4816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:54:11.0031 4816 Ntfs - ok
22:54:11.0296 4816 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:54:11.0312 4816 NuidFltr - ok
22:54:11.0468 4816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:54:11.0484 4816 Null - ok
22:54:11.0640 4816 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:54:11.0703 4816 nv - ok
22:54:12.0421 4816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:54:12.0437 4816 NwlnkFlt - ok
22:54:12.0453 4816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:54:12.0484 4816 NwlnkFwd - ok
22:54:12.0671 4816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:54:12.0687 4816 ohci1394 - ok
22:54:13.0218 4816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:54:13.0250 4816 Parport - ok
22:54:14.0156 4816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:54:14.0171 4816 PartMgr - ok
22:54:14.0296 4816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:54:14.0312 4816 ParVdm - ok
22:54:14.0437 4816 PBADRV (e3e6e724d6a82ab6a2afbcb21180ffce) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
22:54:14.0453 4816 PBADRV - ok
22:54:14.0546 4816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:54:14.0578 4816 PCI - ok
22:54:14.0937 4816 PCIDump - ok
22:54:15.0218 4816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:54:15.0218 4816 PCIIde - ok
22:54:15.0343 4816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:54:15.0359 4816 Pcmcia - ok
22:54:15.0390 4816 PDCOMP - ok
22:54:15.0421 4816 PDFRAME - ok
22:54:15.0484 4816 PDRELI - ok
22:54:15.0515 4816 PDRFRAME - ok
22:54:15.0609 4816 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:54:15.0640 4816 perc2 - ok
22:54:15.0750 4816 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:54:15.0765 4816 perc2hib - ok
22:54:15.0921 4816 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
22:54:15.0937 4816 pfc - ok
22:54:16.0562 4816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:54:16.0578 4816 PptpMiniport - ok
22:54:16.0859 4816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:54:16.0890 4816 PSched - ok
22:54:17.0203 4816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:54:17.0234 4816 Ptilink - ok
22:54:17.0500 4816 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:54:17.0531 4816 PxHelp20 - ok
22:54:17.0812 4816 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:54:17.0843 4816 ql1080 - ok
22:54:18.0000 4816 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:54:18.0031 4816 Ql10wnt - ok
22:54:18.0390 4816 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:54:18.0406 4816 ql12160 - ok
22:54:18.0984 4816 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:54:19.0015 4816 ql1240 - ok
22:54:19.0343 4816 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:54:19.0375 4816 ql1280 - ok
22:54:19.0609 4816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:54:19.0625 4816 RasAcd - ok
22:54:19.0890 4816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:54:19.0906 4816 Rasl2tp - ok
22:54:20.0078 4816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:54:20.0093 4816 RasPppoe - ok
22:54:20.0140 4816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:54:20.0156 4816 Raspti - ok
22:54:20.0281 4816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:54:20.0312 4816 Rdbss - ok
22:54:20.0375 4816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:54:20.0406 4816 RDPCDD - ok
22:54:20.0468 4816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:54:20.0500 4816 rdpdr - ok
22:54:20.0625 4816 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:54:20.0640 4816 RDPWD - ok
22:54:20.0750 4816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:54:20.0781 4816 redbook - ok
22:54:21.0437 4816 SASDIFSV (39763504067962108505bff25f024345) C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS
22:54:21.0453 4816 SASDIFSV - ok
22:54:21.0578 4816 SASENUM - ok
22:54:21.0578 4816 SASKUTIL - ok
22:54:21.0812 4816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:54:21.0828 4816 Secdrv - ok
22:54:22.0265 4816 Ser2pl (de0a165d9f8ea295e62ea702ef2f8125) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
22:54:22.0296 4816 Ser2pl - ok
22:54:22.0484 4816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:54:22.0500 4816 serenum - ok
22:54:22.0687 4816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:54:22.0718 4816 Serial - ok
22:54:23.0125 4816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:54:23.0125 4816 Sfloppy - ok
22:54:23.0265 4816 Simbad - ok
22:54:23.0484 4816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:54:23.0515 4816 sisagp - ok
22:54:23.0703 4816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:54:23.0718 4816 SLIP - ok
22:54:24.0015 4816 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
22:54:24.0031 4816 sonypvs1 - ok
22:54:24.0140 4816 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:54:24.0156 4816 SONYPVU1 - ok
22:54:24.0265 4816 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:54:24.0296 4816 Sparrow - ok
22:54:24.0421 4816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:54:24.0437 4816 splitter - ok
22:54:24.0750 4816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:54:24.0781 4816 sr - ok
22:54:24.0921 4816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:54:24.0984 4816 Srv - ok
22:54:25.0218 4816 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
22:54:25.0328 4816 STHDA - ok
22:54:25.0515 4816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:54:25.0531 4816 streamip - ok
22:54:25.0593 4816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:54:25.0609 4816 swenum - ok
22:54:25.0718 4816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:54:25.0734 4816 swmidi - ok
22:54:25.0859 4816 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:54:25.0875 4816 symc810 - ok
22:54:25.0921 4816 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:54:25.0953 4816 symc8xx - ok
22:54:26.0062 4816 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:54:26.0078 4816 sym_hi - ok
22:54:26.0296 4816 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:54:26.0328 4816 sym_u3 - ok
22:54:26.0500 4816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:54:26.0515 4816 sysaudio - ok
22:54:26.0781 4816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:54:26.0812 4816 Tcpip - ok
22:54:27.0328 4816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:54:27.0343 4816 TDPIPE - ok
22:54:27.0421 4816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:54:27.0437 4816 TDTCP - ok
22:54:27.0546 4816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:54:27.0562 4816 TermDD - ok
22:54:27.0859 4816 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
22:54:27.0875 4816 tmcomm - ok
22:54:28.0000 4816 TmFilter (3e615f370f0c7db414b6bcd1c18399d4) C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
22:54:28.0062 4816 TmFilter - ok
22:54:28.0093 4816 TmPreFilter (c7c7959ec0940e0eddfc881fed8ec214) C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
22:54:28.0109 4816 TmPreFilter - ok
22:54:28.0187 4816 TM_CFW (6ebec57eb4b4b29c8a90d3c32a588f3e) C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys
22:54:28.0437 4816 TM_CFW - ok
22:54:28.0750 4816 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:54:28.0750 4816 TosIde - ok
22:54:28.0906 4816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:54:28.0937 4816 Udfs - ok
22:54:29.0046 4816 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:54:29.0078 4816 ultra - ok
22:54:29.0171 4816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:54:29.0187 4816 Update - ok
22:54:29.0328 4816 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:54:29.0359 4816 USBAAPL - ok
22:54:29.0406 4816 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:54:29.0421 4816 usbaudio - ok
22:54:29.0515 4816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:54:29.0546 4816 usbccgp - ok
22:54:29.0578 4816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:54:29.0593 4816 usbehci - ok
22:54:29.0687 4816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:54:29.0703 4816 usbhub - ok
22:54:29.0765 4816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:54:29.0781 4816 usbprint - ok
22:54:29.0906 4816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:54:29.0921 4816 usbscan - ok
22:54:30.0031 4816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:54:30.0046 4816 USBSTOR - ok
22:54:30.0093 4816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:54:30.0109 4816 usbuhci - ok
22:54:30.0296 4816 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:54:30.0312 4816 usb_rndisx - ok
22:54:30.0421 4816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:54:30.0453 4816 VgaSave - ok
22:54:30.0609 4816 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:54:30.0640 4816 viaagp - ok
22:54:30.0828 4816 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:54:30.0843 4816 ViaIde - ok
22:54:30.0984 4816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:54:31.0000 4816 VolSnap - ok
22:54:31.0187 4816 VSApiNt (60dfbc34228ca36221b03460789f5d4e) C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
22:54:31.0234 4816 VSApiNt - ok
22:54:31.0421 4816 vsdatant (57009a8610a4e1f5ed333f543224516a) C:\WINDOWS\system32\vsdatant.sys
22:54:31.0453 4816 vsdatant - ok
22:54:31.0546 4816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:54:31.0578 4816 Wanarp - ok
22:54:32.0390 4816 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:54:32.0468 4816 Wdf01000 - ok
22:54:32.0484 4816 WDICA - ok
22:54:32.0578 4816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:54:32.0609 4816 wdmaud - ok
22:54:32.0796 4816 WebDriveFSD (e5ca8571ff00fe7ee3d667fe0cc147c5) C:\Program Files\WebDrive\wdfsd.sys
22:54:32.0843 4816 WebDriveFSD - ok
22:54:33.0265 4816 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:54:33.0421 4816 winachsf - ok
22:54:33.0718 4816 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:54:33.0750 4816 WinUSB - ok
22:54:33.0921 4816 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:54:33.0937 4816 WmiAcpi - ok
22:54:34.0015 4816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:54:34.0046 4816 WpdUsb - ok
22:54:34.0125 4816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:54:34.0140 4816 WS2IFSL - ok
22:54:34.0203 4816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:54:34.0218 4816 WSTCODEC - ok
22:54:34.0343 4816 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:54:34.0359 4816 WudfPf - ok
22:54:34.0453 4816 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:54:34.0484 4816 WudfRd - ok
22:54:34.0718 4816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:54:34.0906 4816 \Device\Harddisk0\DR0 - ok
22:54:34.0906 4816 Boot (0x1200) (fe6734fbb0c47b2335e6cd0179c90303) \Device\Harddisk0\DR0\Partition0
22:54:34.0906 4816 \Device\Harddisk0\DR0\Partition0 - ok
22:54:34.0937 4816 ============================================================
22:54:34.0937 4816 Scan finished
22:54:34.0937 4816 ============================================================
22:54:35.0093 5764 Detected object count: 0
22:54:35.0093 5764 Actual detected object count: 0
22:55:35.0578 5820 Deinitialize success




ComboFix 11-12-12.02 - matt.thomas 12/12/2011 23:11:53.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1504 [GMT -5:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\charlene.oldeck\g2mdlhlpx.exe
c:\documents and settings\matt.thomas\Application Data\Adobe\shalom.exe
c:\documents and settings\matt.thomas\g2mdlhlpx.exe
c:\documents and settings\matt.thomas\GoToAssistDownloadHelper.exe
c:\documents and settings\matt.thomas\WINDOWS
c:\windows\$NtUninstallKB15904$\121867088
c:\windows\$NtUninstallKB15904$\2796722322\@
c:\windows\$NtUninstallKB15904$\2796722322\bckfg.tmp
c:\windows\$NtUninstallKB15904$\2796722322\cfg.ini
c:\windows\$NtUninstallKB15904$\2796722322\Desktop.ini
c:\windows\$NtUninstallKB15904$\2796722322\keywords
c:\windows\$NtUninstallKB15904$\2796722322\kwrd.dll
c:\windows\$NtUninstallKB15904$\2796722322\L\iahonoel
c:\windows\$NtUninstallKB15904$\2796722322\lsflt7.ver
c:\windows\$NtUninstallKB15904$\2796722322\U\00000001.@
c:\windows\$NtUninstallKB15904$\2796722322\U\00000002.@
c:\windows\$NtUninstallKB15904$\2796722322\U\00000004.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000000.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000004.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000032.@
c:\windows\CSC\d6
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\PowerToyReadme.htm
c:\windows\$NtUninstallKB15904$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-11 16:36 . 2011-12-11 16:36 -------- d-----w- C:\af81d5999af364f2a22add4f9da4383c
2011-12-11 04:00 . 2011-12-11 04:00 -------- d-----w- c:\program files\Common Files\Java
2011-12-05 15:03 . 2011-12-05 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ResMed
2011-11-29 19:06 . 2011-11-29 19:06 -------- d-----w- C:\EP2InstallLog
2011-11-29 19:00 . 2011-11-29 19:00 -------- d-----w- c:\program files\ACR38_100_122 PCSC Driver
2011-11-29 18:42 . 2011-11-29 19:00 -------- d-----w- c:\program files\ResMed
2011-11-29 18:40 . 2011-11-29 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{740DA5E1-87B3-47BF-9A61-33426D495341}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 17:32 . 2011-10-17 17:32 412314 ----a-w- c:\documents and settings\matt.zip
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-06-15 16:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2009-08-01 22:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 19:19 . 2011-06-10 03:07 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 22:16 . 2008-02-07 14:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-09-26 22:16 . 2008-02-07 14:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-09-26 22:15 . 2008-02-07 14:45 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-26 22:15 . 2008-02-07 14:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"HFALoader"="c:\program files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2011-10-11 2318336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 10:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 3:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 3:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 12:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 2:03 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 1:26 PM 366152]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 10:44 AM 31232]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 1:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 1:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 3:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 1:26 PM 22216]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2011-12-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2011-12-13 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
2011-12-12 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RMDVCOMM&10C4&8119 - c:\program files\ResMed\ResMed USB Adapter\DriverUninstaller.exe VCP CP210x Cardinal\RMDVCOMM&10C4&8119
AddRemove-Windows Mobile Device Handbook - c:\program files\Touch by HTC User Guide\Windows Mobile Device Handbook\Bin\DHUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 23:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(4396)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\TEMP\CL777D.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-12 23:51:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-13 04:50
.
Pre-Run: 4,627,255,296 bytes free
Post-Run: 5,181,476,864 bytes free
.
- - End Of File - - C57AC032A3FBEFD6291C56175F13EC8A

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 09:25 AM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\windows\$NtUninstallKB15904$
c:\documents and settings\All Users\Application Data\{740DA5E1-87B3-47BF-9A61-33426D495341}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 13 December 2011 - 07:32 PM

I honestly tried to disable Trend Micro on my laptop but all I could do was disable the roaming mode. Hope it doesnt affect the scans!

ComboFix 11-12-12.02 - matt.thomas 12/13/2011 13:50:31.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1070 [GMT -5:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\{740DA5E1-87B3-47BF-9A61-33426D495341}
c:\documents and settings\All Users\Application Data\{740DA5E1-87B3-47BF-9A61-33426D495341}\1033.MST
c:\documents and settings\All Users\Application Data\{740DA5E1-87B3-47BF-9A61-33426D495341}\ResScan.msi
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-11 16:36 . 2011-12-11 16:36 -------- d-----w- C:\af81d5999af364f2a22add4f9da4383c
2011-12-11 04:00 . 2011-12-11 04:00 -------- d-----w- c:\program files\Common Files\Java
2011-12-05 15:03 . 2011-12-05 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ResMed
2011-11-29 19:06 . 2011-11-29 19:06 -------- d-----w- C:\EP2InstallLog
2011-11-29 19:00 . 2011-11-29 19:00 -------- d-----w- c:\program files\ACR38_100_122 PCSC Driver
2011-11-29 18:42 . 2011-11-29 19:00 -------- d-----w- c:\program files\ResMed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 17:32 . 2011-10-17 17:32 412314 ----a-w- c:\documents and settings\matt.zip
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-06-15 16:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2009-08-01 22:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 19:19 . 2011-06-10 03:07 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 22:16 . 2008-02-07 14:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-09-26 22:16 . 2008-02-07 14:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-09-26 22:15 . 2008-02-07 14:45 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-26 22:15 . 2008-02-07 14:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_04.37.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-13 14:29 . 2011-12-13 14:29 814080 c:\windows\Installer\21fd872.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"HFALoader"="c:\program files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2011-10-11 2318336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 10:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 3:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 3:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 12:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 2:03 PM 374152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 1:26 PM 366152]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 1:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 1:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 3:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 1:26 PM 22216]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 10:44 AM 31232]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2011-12-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2011-12-13 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
2011-12-13 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 208.98.64.26
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2011-12-13 14:06:47
ComboFix-quarantined-files.txt 2011-12-13 19:06
ComboFix2.txt 2011-12-13 04:51
.
Pre-Run: 4,767,526,912 bytes free
Post-Run: 4,973,625,344 bytes free
.
- - End Of File - - AB3524A43822A56C933679D65EF06E4B




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8366

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2011 4:07:30 PM
mbam-log-2011-12-13 (16-07-30).txt

Scan type: Quick scan
Objects scanned: 207459
Time elapsed: 19 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)




C:\Documents and Settings\matt.thomas\Desktop\Stuff\Misc1\SDFix.exe Win32/PrcView application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP819\A0102510.exe Win32/OpenCandy application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885\A0114147.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885\A0114171.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885\A0114181.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885\A0115181.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP887\A0115237.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP887\A0115279.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP888\A0115428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP888\A0116428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP889\A0117428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP890\A0118428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP890\A0119428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP893\A0120428.sys a variant of Win32/Rootkit.Kryptik.GG trojan
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.GG trojan

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 07:38 PM

Hi

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *netbt*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 13 December 2011 - 08:29 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:24 on 13/12/2011 by matt.thomas
Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt*"
C:\i386\netbt.sys --a---- 162816 bytes [19:53 07/02/2008] [11:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [23:13 03/09/2009] [11:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [12:46 04/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [23:00 11/08/2004] [19:21 13/04/2008] E67C98F0A21B745D50082AE9C095795B

-= EOF =-

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 08:37 PM

Hi


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 13 December 2011 - 09:03 PM

ComboFix 11-12-13.03 - matt.thomas 12/13/2011 20:53:00.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1200 [GMT -5:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-13 21:11 . 2011-12-13 21:11 -------- d-----w- c:\program files\ESET
2011-12-11 16:36 . 2011-12-11 16:36 -------- d-----w- C:\af81d5999af364f2a22add4f9da4383c
2011-12-11 04:00 . 2011-12-11 04:00 -------- d-----w- c:\program files\Common Files\Java
2011-12-05 15:03 . 2011-12-05 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ResMed
2011-11-29 19:06 . 2011-11-29 19:06 -------- d-----w- C:\EP2InstallLog
2011-11-29 19:00 . 2011-11-29 19:00 -------- d-----w- c:\program files\ACR38_100_122 PCSC Driver
2011-11-29 18:42 . 2011-11-29 19:00 -------- d-----w- c:\program files\ResMed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 17:32 . 2011-10-17 17:32 412314 ----a-w- c:\documents and settings\matt.zip
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-06-15 16:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2009-08-01 22:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-27 19:19 . 2011-06-10 03:07 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 22:16 . 2008-02-07 14:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-09-26 22:16 . 2008-02-07 14:45 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-09-26 22:15 . 2008-02-07 14:45 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-26 22:15 . 2008-02-07 14:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_04.37.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 23:00 . 2004-08-04 11:00 162816 c:\windows\system32\dllcache\netbt.sys
+ 2011-12-13 14:29 . 2011-12-13 14:29 814080 c:\windows\Installer\21fd872.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"HFALoader"="c:\program files\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2011-10-11 2318336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 10:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 3:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 3:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 12:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 2:03 PM 374152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 1:26 PM 366152]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 1:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 3:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 1:26 PM 22216]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 10:44 AM 31232]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 1:40 PM 230928]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2011-12-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2011-12-13 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
2011-12-13 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-13 20:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-13 21:01:54
ComboFix-quarantined-files.txt 2011-12-14 02:01
ComboFix2.txt 2011-12-13 19:06
ComboFix3.txt 2011-12-13 04:51
.
Pre-Run: 4,829,679,616 bytes free
Post-Run: 4,821,286,912 bytes free
.
- - End Of File - - B60211738F5E9B34C7B04B28E7CC475C

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 09:08 PM

Hi,

Looks better,

How is the computer running now? Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 13 December 2011 - 09:12 PM

Well, everything seems to be normal. Searches are not hijacked and Outlook is connecting. I think we are good to go! Thanks a lot for your help!

Matt

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 09:14 PM

Hi

Just some housekeeping to do now,

Please do the following:


You can delete the TDSSKiller, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 13 December 2011 - 10:12 PM

I have completed the above and things seem to be back on track. Thanks again!

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 11:07 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:22 PM

Posted 13 December 2011 - 11:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users