Troj_zac, IE search hijacked, possible rootkit


  • This topic is locked
67 replies to this topic

#1 mattymatt

  • Members
  • 71 posts

Posted 06 April 2012 - 11:18 PM

I was unable to run the DDS log. It would get halfway through the scan and my computer would lock up and I would have to pull the battery.

Also, when running GMER, it picked up a bad process and asked if I wanted to scan. I clicked "no" per instructions. The only boxes that would allow me to check/uncheck were the Services, Registry, and Files. All the others were unchecked and grayed out so I could not check them.

(This is a recommended continuation from this topic: My link)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 00:15:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MATT~1.THO\LOCALS~1\Temp\fxldypog.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\matt.thomas\Cookies\YFC1XLDO.txt 178 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\IDY6S4Z9\gossipcenter[1].htm 2075 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\IDY6S4Z9\idEBs_9PGUM[1].htm 0 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\IDY6S4Z9\am[1].htm 166 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\IDY6S4Z9\x1195r4195392[1].htm 312 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\IDY6S4Z9\pq[1].htm 1478 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\LLA3DW72\01[1].htm 780 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\LLA3DW72\x1195r7894352[1].htm 327 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\LLA3DW72\pq[1].htm 1475 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\PCLMFY1Z\if[1].htm 1885 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\PCLMFY1Z\adoapn_AppNexusDemoActionTag_1[1].htm 348 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\PCLMFY1Z\gossipcenter[1].htm 1933 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\PCLMFY1Z\gossipcenter[2].htm 2062 bytes
File C:\Documents and Settings\matt.thomas\Local Settings\Temporary Internet Files\Content.IE5\PCLMFY1Z\glamadapt_jsapi[1].act 5482 bytes
File C:\Documents and Settings\NetworkService\Cookies\JLVJIAXK.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2TZ9Y6OU\bclick[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2TZ9Y6OU\ajsCA3IKZYF 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H865ED0Y\cb=gapi[1].loaded0 145377 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N6ZZHAIF\crossdomain[10].xml 154 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N6ZZHAIF\crossdomain[9].xml 154 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\0d84a376b04f097c439da413d202673e[1].swf 11685 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\1331779329[1].mp4 223934 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\1642147685[1].txt 892 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\1642147685[2].txt 789 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\1642147685[3].txt 443 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\2312[1].gif 62 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\6810417615_e4aa8d3f3c_b-445x330[1].jpg 21399 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ab[1].txt 1673 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ab[2].txt 1673 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\acces-menu-bg[1].png 62833 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\admarker[1].png 1359 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ads[1].js 10467 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\advertisement-vertical-grey[1].gif 961 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ajs[1] 2680 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ajs[1].php 10023 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ajs[2] 822 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ajs[3] 837 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ajs[4] 822 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\HONConduct655916_s[1].gif 900 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\intro-box-top[1].gif 1911 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[1].css 6373 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[1].js 25468 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[2].js 25468 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[3].js 25468 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[4].js 25468 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jd.gallery[5].js 25468 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\PortalServe[1].htm 4583 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\PortalServe[2].htm 9369 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ptj[1] 190 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ptj[2] 190 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\RightArrowhead[1].gif 834 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\round-nav-4[1].gif 3262 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\seg[1] 288 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\sex-healthy-relationships-thumb[1].jpg 9921 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\sharing[1].css 6384 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\shes-gone-wild-madonna-in-agent-provocateur-on-the-cover-of-her-new-single[1].txt 23397 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\SMB+Generic+728x90[1].jpg 25582 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\spice-sex-life-thumb[1].jpg 16404 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\sportsnewsstories_lijit_300x250[1].js 199 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\SportsNewsStories_VideoPlayer[1].swf 63784 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\checkOAuth[1].esi 22 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\checkOAuth[2].esi 22 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\checkOAuth[3].esi 22 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\checkOAuth[4].esi 22 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\click-audit[1].js 3410 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\click[1] 8454 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\click[1].htm 748 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\click[2].htm 748 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\crossdomain[1].xml 151 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\crossdomain[2].xml 139 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[3].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[4].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[5].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[6].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\nav_bar[1].jpg 11082 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\nf[1].htm 1766 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\over_videoskin[1].swf 14665 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\p-d05JkuPGiy-jY[1].gif 35 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\photos[1].png 1343 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\pixel!t=1457![1].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\PlayerSeed[1].js 267627 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ffiad[3].htm 255 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ffiad[4].htm 417 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\fleche2[1].png 434 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\footer-top[1].gif 2891 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\fpi[1].js 4583 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\fp[1] 22432 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\getSegment[1].htm 884 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\gI_80416_Toda-in-America-Logo-2[1].jpg 5066 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\gI_87564_Freihofers-SSU-Kids-Run[1].jpg 8278 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\gI_87681_Southland%20Conference[1].png 39500 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\glamadapt_jsrv[1].act 2605 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\glamadapt_jsrv[2].act 5743 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\glamadapt_psrv[1].act 25518 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\glamadapt_psrv[2].act 26067 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\glamadapt_psrv[3].act 26204 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\check-big[1].png 1829 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\crossdomain[3].xml 154 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ffiad[2].htm 417 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jessica-simpson-accused-of-knocking-off-a-louboutin-design[1].txt 22287 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[2].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\style[1].css 13939 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\allergies-anaphylaxsis-fcg[1].jpg 117090 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\all[1].json 4181 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\article-pages[1].css 16166 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\banner-beauty[1].gif 6699 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\banner-womens-health[1].gif 7245 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\bclick[1].htm 6374 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\bclick[2].htm 6383 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\bclick[3].htm 6184 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\beacon[1].htm 773 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\bracelets_alt-70x90[1].jpg 992 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\br_fob[1].js 3839 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\bullet-orange[1].gif 825 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\cb=gapi[1].loaded0 145377 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\st[1] 4239 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\suboptions[1].css 536 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\television[1].png 560 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\today[1].txt 32776 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ttj[1] 657 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\twitter[1].png 3083 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\userstyle[1].css 36 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\videos[1].png 1320 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\visit[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\visit[2].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\womenshealthbase_com[1].txt 101564 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\wp-paginate[1].css 1203 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jsadimp[1].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jsmipson-ripoff-228x175[1].jpg 9988 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jsmipson-ripoff-e1333716196765[1].jpg 25302 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\js[1] 1003 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\jump1[1].do 1942 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\left-sidebar-blank-top[1].gif 2066 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\lgl[1].htm 132 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\lgrt[1] 7 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\logo-footer-sm[1].gif 2939 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\mootools.v1.11[1].js 34840 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\crossdomain[4].xml 208 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ddc[1].htm 11861 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\desktop.ini 67 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\dm_v2[1].js 1125 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\eco[1].js 2719 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\empty[1].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\fashion[1].png 1392 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\fcg-bottom[1].gif 899 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QCCLC51M\ffiad[1].htm 398 bytes
File C:\WINDOWS\temp\fla2B.tmp 17181936 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\cfg.ini 296 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\L 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\L\iahonoel 138496 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\oemid 95 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\version 866 bytes
File C:\WINDOWS\$NtUninstallKB15904$\3543141092 0 bytes

---- EOF - GMER 1.0.15 ----



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts

Posted 07 April 2012 - 01:32 AM

Hello mattymatt and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
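The GMER file listing in post #1 shows the layout that the reply above identifies as ZeroAccess: a randomly numbered folder under a `$NtUninstallKB…$` directory holding `@`, `cfg.ini`, `oemid`, `version`, an `L` directory with a random-named file, and a `U` directory of eight-hex-digit `.@` payload slots. It is also why the OTL custom scan above includes the `"%WinDir%\$NtUninstallKB*$." /30` line. As an added example, not part of the original thread and not code from GMER, OTL or BleepingComputer, the Python below parses the `File … N bytes` lines of a GMER log and flags folders matching that layout. The sample log is a constructed excerpt of lines copied from post #1; the marker set and the four-marker threshold are this example's own assumptions, not a published signature.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of "File ..." lines copied from the GMER log
# in post #1, plus two unrelated entries for contrast.
SAMPLE_GMER_LOG = r"""
---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\matt.thomas\Cookies\YFC1XLDO.txt 178 bytes
File C:\WINDOWS\temp\fla2B.tmp 17181936 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\cfg.ini 296 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\L 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\L\iahonoel 138496 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\oemid 95 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U 0 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB15904$\2796722322\version 866 bytes
File C:\WINDOWS\$NtUninstallKB15904$\3543141092 0 bytes

---- EOF - GMER 1.0.15 ----
"""

# GMER "Files" section line: "File <path> <size> bytes" (path may contain spaces).
FILE_LINE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")

# "<drive>\...\$NtUninstallKB<digits>$\<digits>" is the root of interest;
# anything after it is a child path inside that numbered folder.
ZA_ROOT = re.compile(
    r"^(?P<root>.*\\\$NtUninstallKB\d+\$\\\d+)(?:\\(?P<rest>.*))?$", re.IGNORECASE
)

# Direct children seen in the log above (assumption: treated here as the markers).
ZA_MARKERS = {"@", "cfg.ini", "oemid", "version", "U", "L"}

# Payload slots: U\<8 hex digits>.@
PAYLOAD_SLOT = re.compile(r"\\U\\[0-9A-Fa-f]{8}\.@$")


def parse_gmer_files(log_text):
    """Return [(path, size_in_bytes), ...] for every 'File ... N bytes' line."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("size"))))
    return entries


def group_nt_uninstall(entries):
    """Map each $NtUninstallKB*$\\<number> root to the names directly under it."""
    roots = defaultdict(set)
    for path, _size in entries:
        m = ZA_ROOT.match(path)
        if not m:
            continue
        names = roots[m.group("root")]  # register the root even if it has no children
        rest = m.group("rest")
        if rest:
            names.add(rest.split("\\")[0])  # only the first component below the root
    return dict(roots)


def score_zeroaccess(names):
    """Number of layout markers present among a root's direct children."""
    return len(ZA_MARKERS & set(names))


def flag_zeroaccess(log_text, min_markers=4):
    """Return {root: sorted_children} for roots whose layout matches (threshold is an assumption)."""
    flagged = {}
    for root, names in group_nt_uninstall(parse_gmer_files(log_text)).items():
        if score_zeroaccess(names) >= min_markers:
            flagged[root] = sorted(names)
    return flagged


def payload_slots(entries):
    """Paths of U\\<hex>.@ files, the per-module payload slots in this layout."""
    return [path for path, _size in entries if PAYLOAD_SLOT.search(path)]


if __name__ == "__main__":
    for root, names in flag_zeroaccess(SAMPLE_GMER_LOG).items():
        print("ZeroAccess-style layout:", root)
        print("  children:", ", ".join(names))
    for slot in payload_slots(parse_gmer_files(SAMPLE_GMER_LOG)):
        print("  payload slot:", slot)
```

To run it against a real log, call `flag_zeroaccess(open("gmer.log", encoding="utf-8", errors="replace").read())`. A genuine Windows hotfix uninstall folder does not carry this `@`/`U`/`L` structure, so a hit here is worth checking by hand before any cleanup, while the empty `3543141092` folder in the sample shows why the check scores children rather than just the `$NtUninstallKB` name.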


#3 mattymatt

  • Topic Starter

  • Members
  • 71 posts

Posted 07 April 2012 - 02:46 PM

Hi ST, thanks for your reply. I downloaded and attempted to run TDSSKiller but it will not start. I double click the icon and it does nothing. I tried running it right from the link but nothing as well. Should I try something different, or should I complete the rest of your steps?

Thanks,

Matt

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts

Posted 08 April 2012 - 03:11 AM

Hi Matt!

Sorry to hear that you were experiencing issues with running TDSSKiller, it can sometimes not run properly due to certain variants of infections.

Please try this tool in place of running TDSSKiller, and if it still gives you trouble, proceed with the rest of the instructions in my previous post.


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.




#5 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts

Posted 08 April 2012 - 12:29 PM

Ok, here are the requested logs...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 11:58:26
-----------------------------
11:58:26.625 OS Version: Windows 5.1.2600 Service Pack 3
11:58:26.625 Number of processors: 2 586 0xF0D
11:58:26.625 ComputerName: MDS0083 UserName:
11:58:27.671 Initialize success
12:02:07.062 AVAST engine defs: 12040800
12:02:13.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:02:13.250 Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
12:02:13.265 Disk 0 MBR read successfully
12:02:13.265 Disk 0 MBR scan
12:02:13.328 Disk 0 Windows XP default MBR code
12:02:13.328 Disk 0 MBR hidden
12:02:13.328 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
12:02:13.359 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76230 MB offset 176715
12:02:13.390 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 2 MB offset 156296385
12:02:13.406 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
12:02:13.406 Disk 0 scanning sectors +156301472
12:02:13.484 Disk 0 scanning C:\WINDOWS\system32\drivers
12:02:14.906 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Rootkit-gen [Rtk]
12:02:47.250 Disk 0 trace - called modules:
12:02:47.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x897aefd0]<<
12:02:47.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abaa1f0]
12:02:47.265 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89e77d70]
12:02:47.281 \Driver\00001453[0x8a102b10] -> IRP_MJ_CREATE -> 0x897aefd0
12:02:48.265 AVAST engine scan C:\WINDOWS
12:03:29.515 AVAST engine scan C:\WINDOWS\system32
12:09:44.062 AVAST engine scan C:\WINDOWS\system32\drivers
12:09:45.234 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Rootkit-gen [Rtk]
12:10:23.875 AVAST engine scan C:\Documents and Settings\matt.thomas
12:50:58.359 AVAST engine scan C:\Documents and Settings\All Users
12:55:54.609 Scan finished successfully
12:59:19.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\MBR.dat"
12:59:19.265 The log file has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\aswMBR.txt"



Farbar Service Scanner Version: 01-03-2012
Ran by matt.thomas (administrator) on 08-04-2012 at 13:01:08
Running from "C:\Documents and Settings\matt.thomas\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-11 19:00] - [2011-08-17 09:49] - 0138496 ____A () D6644D111B815BB034FF78FEB2E3E1C5

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-11 19:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(6) IPSec(4) NEOFLTR_630_14121(10) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****



OTL logfile created on: 4/8/2012 1:03:42 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\matt.thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.81% Memory free
3.84 Gb Paging File | 2.11 Gb Available in Paging File | 54.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 7.08 Gb Free Space | 9.52% Space Free | Partition Type: NTFS

Computer Name: MDS0083 | User Name: matt.thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 13:02:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/07/22 12:21:25 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 11:58:44 | 000,079,136 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\OmniPageSE4\OpWareSE4.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:10:06 | 000,124,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTUpd.exe
PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\IJ5C2B.EXE
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 06:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 04:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/08 02:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 02:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2005/01/06 04:16:24 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/08/20 17:15:48 | 000,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:39:28 | 001,310,752 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2011/10/03 06:06:05 | 000,108,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2011/10/03 06:05:36 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/03/12 17:21:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\IJ5C2B.EXE
MOD - [2007/03/29 08:09:20 | 000,108,232 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\WerAgent.dll
MOD - [2007/03/16 05:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/01/30 17:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 17:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agp440.dll -- (FontCache3.0.0.0.)
SRV - [2012/04/03 23:12:18 | 000,000,113 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\matt.thomas\Application Data\Plug.bat -- (Mshost Manager)
SRV - [2012/03/31 13:47:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/26 18:15:42 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 23:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MATT~1.THO\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 14:50:08 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/17 09:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/03/26 23:02:00 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_630_14121.sys -- (NEOFLTR_630_14121) Juniper Networks TDI Filter Driver (NEOFLTR_630_14121)
DRV - [2008/10/20 11:52:54 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2007/03/16 05:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/28 17:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/28 04:23:32 | 000,165,888 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/04/06 19:46:50 | 000,034,240 | R--- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/25 16:40:44 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/26 10:22:38 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/22 15:29:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\matt.thomas\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\matt.thomas\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:36:33 | 000,000,000 | ---D | M]

[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions
[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/06 00:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions
[2009/09/04 20:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/29 01:17:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/26 20:34:24 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2012/03/19 00:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 00:10:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/15 12:34:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/24 12:18:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/29 21:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/11 00:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/09/11 17:19:08 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2010/09/11 17:19:09 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2009/08/01 18:46:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/05 22:57:35 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\Nuance\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010..\Run: [SUPERAntiSpyware] C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DCERegBootClean] C:\WINDOWS\RegBootClean.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..Trusted Domains: listen.com ([www] http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.2.2.12:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://asp21.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} https://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://michiganheart.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA15BD-EB5C-43E6-9329-76F2C740173D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL) - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\matt.thomas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\matt.thomas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 21:03:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk - C:\Program Files\Nuance\PaperPort\xdcla.exe - (Nuance Communications, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Acrobat Speed Launch - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: FJTWAIN Setup - hkey= - key= - C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe (FUJITSU LIMITED)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Starfield\StarfieldUpdate.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: FontCache3.0.0.0. - %systemroot%\system32\agp440.dll File not found
NetSvcs: NAL - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 13:02:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/08 11:55:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/07 10:23:14 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\matt.thomas\Desktop\tdsskiller.exe
[2012/04/07 10:11:32 | 000,000,000 | ---D | C] -- C:\e111f9e36e2307c8ebc0
[2012/04/06 21:24:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\dds.scr
[2012/04/06 13:39:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/06 00:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\matt.thomas\Recent
[2012/04/04 20:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/04 20:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/31 08:11:40 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 07:55:57 | 000,000,000 | ---D | C] -- C:\b90779d6e7bb1c16de8c
[2012/03/31 07:55:23 | 000,000,000 | ---D | C] -- C:\06f8874658948246fc0a81a1039476

========== Files - Modified Within 30 Days ==========

[2012/04/08 13:11:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 13:02:39 | 000,002,244 | ---- | M] () -- C:\WINDOWS\RegBootClean.CFG
[2012/04/08 13:02:37 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/08 13:02:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/08 12:59:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/08 12:47:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/08 12:10:09 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
[2012/04/08 12:00:56 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/08 11:56:03 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/08 11:55:00 | 000,515,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/08 11:55:00 | 000,098,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/08 11:50:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 11:50:03 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/08 11:49:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 11:49:37 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 23:45:54 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/07 23:22:54 | 000,001,892 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\My Documents\Default.rdp
[2012/04/07 15:40:21 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\matt.thomas\Desktop\tdsskiller.exe
[2012/04/06 23:29:01 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\gmer.zip
[2012/04/06 21:24:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\dds.scr
[2012/04/06 21:18:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Defogger.exe
[2012/04/06 15:08:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/06 13:38:23 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\MiniToolBox.exe
[2012/04/06 13:38:14 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\FSS.exe
[2012/04/06 13:37:39 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/05 23:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 23:48:35 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bG8INNnYQ1cH9Q
[2012/04/05 22:57:35 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/05 19:32:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/05 19:31:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dkGhBZ42o3gQm5
[2012/04/05 19:21:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/04 20:56:26 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/03 23:13:30 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/04/03 23:12:18 | 000,000,113 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Plug.bat
[2012/04/01 20:40:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
[2012/04/01 20:40:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
[2012/03/31 13:47:30 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 13:47:29 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/30 13:15:05 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Adobe Acrobat 8 Standard.lnk
[2012/03/27 19:57:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY3A733072K3.job
[2012/03/27 19:44:10 | 000,052,218 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/22 10:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/21 18:13:38 | 000,046,249 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:26:47 | 000,044,458 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:07 | 000,046,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/03/19 10:52:08 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\matt.thomas\g2mdlhlpx.exe
[2012/03/18 23:43:19 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 08:07:43 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 07:59:46 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/04/08 12:00:59 | 000,002,244 | ---- | C] () -- C:\WINDOWS\RegBootClean.CFG
[2012/04/08 12:00:56 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/06 23:29:01 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\gmer.zip
[2012/04/06 21:19:01 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Defogger.exe
[2012/04/06 19:01:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/06 13:38:23 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\MiniToolBox.exe
[2012/04/06 13:38:14 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\FSS.exe
[2012/04/06 13:37:38 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/06 00:43:09 | 2136,965,120 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/05 23:48:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 23:48:34 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bG8INNnYQ1cH9Q
[2012/04/05 23:48:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/05 23:47:57 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/05 19:21:36 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/05 19:21:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/05 19:21:13 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dkGhBZ42o3gQm5
[2012/04/03 23:12:32 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/04/03 23:12:18 | 000,000,113 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Plug.bat
[2012/03/31 08:11:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/27 19:44:51 | 000,052,218 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/21 18:14:14 | 000,046,249 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:27:02 | 000,044,458 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:31 | 000,046,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/03/19 10:52:08 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\matt.thomas\g2mdlhlpx.exe
[2012/02/15 10:43:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/05 19:51:38 | 001,101,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >
[2008/06/10 09:54:41 | 011,132,416 | ---- | M] () -- C:\vpnclient-win-msi-5.0.03.0530-k9.exe

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
[2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] () MD5=D6644D111B815BB034FF78FEB2E3E1C5 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB15904$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe:SummaryInformation
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
OTL Extras logfile created on: 4/8/2012 1:03:42 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\matt.thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.81% Memory free
3.84 Gb Paging File | 2.11 Gb Available in Paging File | 54.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 7.08 Gb Free Space | 9.52% Space Free | Partition Type: NTFS

Computer Name: MDS0083 | User Name: matt.thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Documents and Settings\matt.thomas\Application Data\svchost.exe" = C:\Documents and Settings\matt.thomas\Application Data\svchost.exe:*:Enabled:svchost.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 SE
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38/100/122 PC/SC Driver 1.1.2.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 29
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DBFBD32-00BB-4678-B77B-8F5F729842BC}" = PS7600
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4640C77B-D562-44AE-800E-555C868E8F08}" = Image Retriever 7
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6A1586-E02C-4EF6-AF9F-299904E0B0B5}" = Mirar
"{4E906533-F57F-45BD-A837-FCF24A2C243E}" = TubeSucker
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{5228DF55-9F40-4318-A807-5DE3D917EAA9}" = ScanSoft OmniPage SE 4
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{60A2658A-D1D6-468E-B795-8F06D7206E1A}" =
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BB224314-1E95-4F44-A041-444D0435EFE0}" = Bloggie Software
"{BB224314-1E95-4F44-A041-444D0435EFE0}C" = Bloggie Software
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{D43BB532-3537-4CE9-9CBB-92533BD29F0C}" = HP Software Update
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F19702FA-6D54-41E1-98E2-156460C87FF2}" = ResScan
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"0942775975678D6CC510D2C2F022CD956CCF177E" = Windows Driver Package - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"A9B944A9EADA685F103858C6923BF5DD8E127C2C" = Windows Driver Package - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ADS Tech Master Installer V3.6" = ADS Tech Master Installer V3.6
"ADS Tech V3.7 DVD Xpress CapWiz" = ADS Tech V3.7 DVD Xpress CapWiz
"ADS Tech V3.8 DVD Xpress CapWiz" = ADS Tech V3.8 DVD Xpress CapWiz
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.9
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CentraClient" = Centra Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"F02CC611741E33C64CDEAEEE2C7A46E41719B2CC" = Windows Driver Package - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NDH2008Plus!" = NDH2008Plus!
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ResMed Ventilator Installer v1.96.0" = ResMed Ventilator Installer v1.96.0
"Rhapsody" = Rhapsody
"Software Operation Panel" = Software Operation Panel
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xerox WC M20 Series PS" = Xerox WC M20 Series PS
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 5.1.0.880
"workspacedesktop" = Workspace Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2012 9:15:24 PM | Computer Name = MDS0083 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 4/7/2012 11:16:05 PM | Computer Name = MDS0083 | Source = Application Error | ID = 1000
Description = Faulting application mstsc.exe, version 6.0.6001.18589, faulting module
hpzpm309.dll, version 2.239.0.0, fault address 0x0004855e.

Error - 4/7/2012 11:39:11 PM | Computer Name = MDS0083 | Source = Application Hang | ID = 1002
Description = Hanging application TFC.exe, version 3.1.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2012 11:43:03 PM | Computer Name = MDS0083 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2768 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/7/2012 11:43:03 PM | Computer Name = MDS0083 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/8/2012 11:45:08 AM | Computer Name = MDS0083 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2960 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/8/2012 11:45:08 AM | Computer Name = MDS0083 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/8/2012 11:51:26 AM | Computer Name = MDS0083 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 2164 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 4/8/2012 11:51:26 AM | Computer Name = MDS0083 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 4/8/2012 1:06:24 PM | Computer Name = MDS0083 | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00e40e10.

[ OSession Events ]
Error - 2/22/2011 4:50:36 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 104024
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 3/4/2011 1:09:06 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 175037
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 3/15/2011 9:57:21 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30371
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 4/1/2011 9:08:05 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 45870
seconds with 300 seconds of active time. This session ended with a crash.

Error - 4/15/2011 3:27:31 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20424
seconds with 660 seconds of active time. This session ended with a crash.

Error - 5/11/2011 2:37:13 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17629
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 12/19/2011 10:07:19 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 41702
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 12/28/2011 5:07:27 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20465
seconds with 5280 seconds of active time. This session ended with a crash.

Error - 1/18/2012 10:34:29 AM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 525
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/24/2012 10:53:56 PM | Computer Name = MDS0083 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43887
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/7/2012 10:14:23 AM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7000
Description = The SASENUM service failed to start due to the following error: %%2

Error - 4/7/2012 10:14:35 AM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 10:15:11 AM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 3:30:38 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/7/2012 3:30:38 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/7/2012 3:30:38 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Mshost Manager service
to connect.

Error - 4/7/2012 3:32:24 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 4/7/2012 3:32:25 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/7/2012 9:48:19 PM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 4/8/2012 12:42:50 AM | Computer Name = MDS0083 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
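Two details in the OTL report above deserve a second look before the cleanup continues: the firewall exception lists contain two svchost.exe entries living outside %windir%\system32 (one under system32\drivers, one in the user's Application Data folder, neither of which is where the real svchost.exe resides on XP), and System Restore is switched off (DisableSR = 1, Sr driver Start = 4). The script below is an added example written for this page, not part of OTL, ComboFix or the original posts. It parses the [KEY] / "name" = data format OTL uses, then flags masquerading system binaries, lists enabled exceptions running from a user profile (a review list, since Dropbox legitimately installs there), lists enabled globally open ports, and reports the System Restore state. The sample text is copied from the log lines above; the set of binaries assumed to live only in %windir%\system32 and the expansion of %windir% to C:\WINDOWS are assumptions for a default XP install.

```python
"""Audit the firewall and System Restore sections of an OTL-style registry
dump for signs of tampering.

Added example; not part of OTL, ComboFix or the thread's own tooling.
SAMPLE_LOG is copied from the log posted above. SYSTEM32_ONLY and WINDIR
are assumptions for a default Windows XP install."""
import ntpath
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\matt.thomas\Application Data\svchost.exe" = C:\Documents and Settings\matt.thomas\Application Data\svchost.exe:*:Enabled:svchost.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Exception data: path:scope:Enabled|Disabled:display name [ -- (Publisher)]
# The path itself contains a colon (C:\...), so the path group is non-greedy
# and the state keyword anchors the split.
APP_RE = re.compile(r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$')

# Assumption: on a default XP install these live only in %windir%\system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}
WINDIR = r"C:\WINDOWS"  # assumption: default install location


def parse_registry_dump(text):
    """Return {key: {value_name: data}} from [KEY] and "name" = data lines."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def normalize(path):
    """Expand %windir% and lower-case for comparison (ntpath handles '\\')."""
    return path.replace("%windir%", WINDIR).replace("%WINDIR%", WINDIR).lower()


def authorized_apps(keys):
    """Yield (profile, path, scope, state) for every firewall app exception."""
    for key, values in keys.items():
        if not key.endswith(r"\AuthorizedApplications\List"):
            continue
        profile = key.split("\\")[-3]  # DomainProfile / StandardProfile
        for data in values.values():
            m = APP_RE.match(data)
            if m:
                yield profile, m["path"], m["scope"], m["state"]


def masquerading_system_binaries(keys):
    """Exception paths whose file name is a core system binary but whose
    directory is not %windir%\\system32 (any state: a disabled fake is
    still a fake). Returned sorted and de-duplicated across profiles."""
    expected_dir = normalize(r"%windir%\system32")
    hits = set()
    for _profile, path, _scope, _state in authorized_apps(keys):
        norm = normalize(path)
        if ntpath.basename(norm) in SYSTEM32_ONLY and ntpath.dirname(norm) != expected_dir:
            hits.add(path)
    return sorted(hits)


def user_profile_exceptions(keys):
    """Enabled exceptions that run from a user-writable profile directory.
    A review list, not a verdict: Dropbox legitimately installs there."""
    return sorted({path for _p, path, _s, state in authorized_apps(keys)
                   if state == "Enabled"
                   and "\\documents and settings\\" in normalize(path)})


def enabled_open_ports(keys):
    """(port, protocol, scope) for every enabled GloballyOpenPorts entry."""
    ports = []
    for key, values in keys.items():
        if key.endswith(r"\GloballyOpenPorts\List"):
            for data in values.values():
                port, proto, scope, state, _label = data.split(":", 4)
                if state == "Enabled":
                    ports.append((int(port), proto, scope))
    return sorted(ports)


def system_restore_disabled(keys):
    """True when DisableSR = 1 or the Sr filter driver is Start = 4.
    Malware commonly does this to kill restore points; so do some admins,
    so treat it as a lead rather than proof."""
    policy = keys.get(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore", {})
    driver = keys.get(r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr", {})
    return policy.get("DisableSR") == "1" or driver.get("Start") == "4"


def audit(text):
    """Run every check over one OTL-style dump and return the findings."""
    keys = parse_registry_dump(text)
    return {
        "masquerading": masquerading_system_binaries(keys),
        "user_profile_apps": user_profile_exceptions(keys),
        "open_ports": enabled_open_ports(keys),
        "system_restore_disabled": system_restore_disabled(keys),
    }


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

Run against the sample it reports both fake svchost.exe paths, lists Dropbox and the AppData svchost.exe as profile-resident exceptions, shows only the UPnP ports 1900/UDP and 2869/TCP open (both limited to LocalSubNet, with 137/138/139/445 disabled), and confirms System Restore is off. Feed it the full report text to cover every profile OTL dumps.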

#6 mattymatt (Topic Starter)
  • Members
  • 71 posts

Posted 09 April 2012 - 10:55 PM

Just to update you: I got the "blue screen of death" tonight as I tried to open my computer. I restarted in safe mode and cleared the caches, but it did not help. It will go so far as to open up Windows and load everything, but then it goes blue.

Am I screwed?

#7 SweetTech (Agent ST)
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 10 April 2012 - 01:55 AM

Hi Matt!

Apologies for not responding back to you yesterday; I was a bit under the weather and spent the entire day in bed.

You are severely infected! Your logs do indicate that we will have some work cut out for us.

Were you able to boot up into Safe Mode successfully?

If you were, I'd like to have you try booting up into Safe Mode w/ Networking and download a new copy of TDSSKiller and see if you can get it to run. It was recently updated, so I'm hoping that you may be able to run it. If not, please try and rename the file to svchost.exe and see if it'll let you run it then.

Also, do you happen to have access to a USB flash drive that we could utilize?

Let me know.

~ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 mattymatt (Topic Starter)
  • Members
  • 71 posts

Posted 10 April 2012 - 07:58 AM

I ran the new version of TDSSKiller in safe mode, from my jump drive. The program did not give me any options to skip anything or the check boxes. It found the rootkit and then had me restart. So far, it looks like it stopped the blue screen from popping up, and a Windows box popped up and said that my computer has successfully recovered from a serious error.

I await your instruction, and I hope you're feeling better!

#9 SweetTech (Agent ST)
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 10 April 2012 - 09:29 AM

Hi!

Glad to hear that you were able to get back up with Windows.

Do you happen to have access to a USB flash drive that we could utilize?


Let's try this utility next:


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



#10 mattymatt (Topic Starter)
  • Members
  • 71 posts

Posted 10 April 2012 - 01:03 PM

Hey ST,

Yes, I do have a USB flash drive we can use. Sorry I forgot to answer ya about that the last time.

The computer seems to be running a bit faster. Also, it looks like my searches are not being hijacked like they were before. Hopefully the log gives you some idea of the progress we are making.


ComboFix 12-04-10.01 - matt.thomas 04/10/2012 13:23:16.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1501 [GMT -4:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\bG8INNnYQ1cH9Q
c:\documents and settings\All Users\Application Data\dkGhBZ42o3gQm5
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\matt.thomas\Application Data\Plug.bat
c:\documents and settings\matt.thomas\g2mdlhlpx.exe
c:\documents and settings\matt.thomas\Local Settings\Application Data\assembly\tmp
c:\documents and settings\NetworkService\Application Data\Adobe\sp.DLL
c:\windows\$NtUninstallKB15904$
c:\windows\$NtUninstallKB15904$\2796722322\@
c:\windows\$NtUninstallKB15904$\2796722322\cfg.ini
c:\windows\$NtUninstallKB15904$\2796722322\Desktop.ini
c:\windows\$NtUninstallKB15904$\2796722322\L\iahonoel
c:\windows\$NtUninstallKB15904$\2796722322\oemid
c:\windows\$NtUninstallKB15904$\2796722322\U\00000001.@
c:\windows\$NtUninstallKB15904$\2796722322\U\00000002.@
c:\windows\$NtUninstallKB15904$\2796722322\U\00000004.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000000.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000004.@
c:\windows\$NtUninstallKB15904$\2796722322\U\80000032.@
c:\windows\$NtUninstallKB15904$\2796722322\version
c:\windows\$NtUninstallKB15904$\3543141092
c:\windows\EventSystem.log
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
-------\Legacy_Mshost_Manager
-------\Service_Mshost Manager
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 03:13 . 2012-04-10 03:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 17:35 . 2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
2012-04-09 17:35 . 2012-04-09 17:35 157184 ----a-w- c:\windows\system32\usbnaw32.dll
2012-04-07 14:11 . 2012-04-07 14:11 -------- d-----w- C:\e111f9e36e2307c8ebc0
2012-04-06 03:48 . 2012-04-09 17:43 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-05 00:38 . 2012-04-05 00:38 -------- d-----w- c:\program files\Common Files\Skype
2012-03-31 12:11 . 2012-03-31 17:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\b90779d6e7bb1c16de8c
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\06f8874658948246fc0a81a1039476
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 03:45 . 2008-11-26 23:32 11264 ----a-w- c:\windows\DCEBoot.exe
2012-03-31 17:47 . 2011-06-10 03:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 14:43 3072 ------w- c:\windows\system32\iacenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\intelUsb3Sevices]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usbniw32]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 4:11 PM 12880]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 2:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 2:40 PM 36368]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 4:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 2:26 PM 20464]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/9/2012 11:13 PM 40776]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
COMMONFX.DLL
epstnt01
pdlnatdl
cicsclient
ldlcserv
pilogsrv
avgarcln
NWSIPX32
HabuFltr
lvsrvlauncher
AVWLP_USB
iaimfp4
RTLE8023xp
spcsutilityservice
issimon
websensedcagent
avupdsvc
zpnodecollector
Defrag32b
hpconfig
DVDVRRdr_xp
UxTuneUp
belgium_id_card_service
dcevt32
trackcam4
hdaudaddservice
lxrsii1s
Fd16_700
wm
vusbbus
DELL_A02
USBVCD
rassstp
w550mdm
websenseusagemonitor
smbusp
websensecamserver
btwaudio
rpaservice
ZSMC303
hotspotshieldservice
FontCache3.0.0.0.
lyncusbserv
F700isw
ramaint
elnkservice
lxrjd31d
taphss
sqlagent$sony_mediamgr
oracle_load_balancer_60_server-forms6ip14
fsma
IWCA
SE27obex
bdpredir
BUFADPT
CE3
APLMp50
pelusblf
bltrust
TestHandler
retinaengine
smartscaps
roammgr
thinkpadmodemservice
freesshdservice
jaguar
NetMsmqActivator
se44obex
automate5
hsvcmod
yukonwxp
USBCamera
qbcfmonitorservice
cpqdfw
ICM10USB
https-admserv61
ICAM3NT5
nvcap
CTAudSvcService
mgabgexe
mcshield
wps
IFP700
WinVd32
vclone
NxSysMon
tmxpflt
LXARScan
avpnnic
w550mgmt
z525obex
roxmediadb
dnsexit
ni_nic
SndTDriverV32
tbaspi
ctxcpubal
ovsecurityserver
Mtlmnt5
utilman
wdelmgr20
AsIO
ati2mpaa
NAL
w300mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:47]
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-03-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-04-08 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2012-04-10 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 208.98.64.26
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 13:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\windows\explorer.exe [3396] 0x8A2129E0
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\APLMp50]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AsIO]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ati2mpaa]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\automate5]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avgarcln]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avpnnic]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avupdsvc]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AVWLP_USB]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdpredir]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\belgium_id_card_service]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bltrust]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btwaudio]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BUFADPT]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CE3]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cicsclient]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMMONFX.DLL]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cpqdfw]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CTAudSvcService]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ctxcpubal]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dcevt32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Defrag32b]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DELL_A02]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dnsexit]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DVDVRRdr_xp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\elnkservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\epstnt01]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\F700isw]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fd16_700]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\freesshdservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fsma]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HabuFltr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hdaudaddservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hotspotshieldservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpconfig]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hsvcmod]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\https-admserv61]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iaimfp4]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICAM3NT5]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICM10USB]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IFP700]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\issimon]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IWCA]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jaguar]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldlcserv]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lvsrvlauncher]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LXARScan]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lxrjd31d]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lxrsii1s]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lyncusbserv]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mcshield]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mgabgexe]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MTC0001_ESB]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mtlmnt5]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetMsmqActivator]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ni_nic]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nvcap]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NWSIPX32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NxSysMon]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oracle_load_balancer_60_server-forms6ip14]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ovsecurityserver]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdlnatdl]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pelusblf]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pilogsrv]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\qbcfmonitorservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ramaint]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rassstp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\retinaengine]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\roammgr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\roxmediadb]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rpaservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RTLE8023xp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SE27obex]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\se44obex]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smartscaps]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smbusp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SndTDriverV32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\spcsutilityservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sqlagent$sony_mediamgr]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\taphss]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tbaspi]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TestHandler]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\thinkpadmodemservice]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tmxpflt]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\trackcam4]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBCamera]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBVCD]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\utilman]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UxTuneUp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vclone]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vusbbus]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w300mdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w550mdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w550mgmt]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdelmgr20]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websensecamserver]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websensedcagent]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websenseusagemonitor]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinVd32]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wps]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yukonwxp]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\z525obex]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\zpnodecollector]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ZSMC303]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\usbniw32.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Starfield\offSyncService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Palm, Inc\novacom\x86\novacomd.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\dllhost.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\fxssvc.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\TEMP\WF4942.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\dllhost.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Trend Micro\Client Server Security Agent\pccntupd.exe
c:\windows\system32\imapi.exe
c:\docume~1\MATT~1.THO\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2012-04-10 13:51:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 17:51
ComboFix2.txt 2011-12-14 02:01
.
Pre-Run: 7,887,253,504 bytes free
Post-Run: 7,754,596,352 bytes free
.
- - End Of File - - 2D66C162EF27F280704F5ACDE1F4E58F

#11 mattymatt (Topic Starter, Members, 71 posts)

Posted 10 April 2012 - 01:04 PM

Oh, and I cannot disable my Trend Micro for some reason. I open up the "dashboard" and all ability to tamper with it is shut off. Hopefully it doesn't negatively affect what you are trying to do.

Have a great day!

Matt

#12 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 11 April 2012 - 01:56 AM

Hi Matt!

Yes, I do have a USB flash drive we can use. Sorry I forgot to answer ya about that the last time.

No worries, it happens. :)

We'll be needing to utilize your USB flash drive a little later.

Oh, and I cannot disable my Trend Micro for some reason. I open up the "dashboard" and all ability to tamper with it is shut off. Hopefully it doesn't negatively affect what you are trying to do.

Nope, that shouldn't be an issue for right now.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
COMMONFX.DLL
epstnt01
pdlnatdl
cicsclient
ldlcserv
pilogsrv
avgarcln
NWSIPX32
HabuFltr
lvsrvlauncher
AVWLP_USB
iaimfp4
RTLE8023xp
spcsutilityservice
issimon
websensedcagent
avupdsvc
zpnodecollector
Defrag32b
hpconfig
DVDVRRdr_xp
UxTuneUp
belgium_id_card_service
dcevt32
trackcam4
hdaudaddservice
lxrsii1s
Fd16_700
wm
vusbbus
DELL_A02
USBVCD
rassstp
w550mdm
websenseusagemonitor
smbusp
websensecamserver
btwaudio
rpaservice
ZSMC303
hotspotshieldservice
FontCache3.0.0.0.
lyncusbserv
F700isw
ramaint
elnkservice
lxrjd31d
taphss
sqlagent$sony_mediamgr
oracle_load_balancer_60_server-forms6ip14
fsma
IWCA
SE27obex
bdpredir
BUFADPT
CE3
APLMp50
pelusblf
bltrust
TestHandler
retinaengine
smartscaps
roammgr
thinkpadmodemservice
freesshdservice
jaguar
NetMsmqActivator
se44obex
automate5
hsvcmod
yukonwxp
USBCamera
qbcfmonitorservice
cpqdfw
ICM10USB
https-admserv61
ICAM3NT5
nvcap
CTAudSvcService
mgabgexe
mcshield
wps
IFP700
WinVd32
vclone
NxSysMon
tmxpflt
LXARScan
avpnnic
w550mgmt
z525obex
roxmediadb
dnsexit
ni_nic
SndTDriverV32
tbaspi
ctxcpubal
ovsecurityserver
Mtlmnt5
utilman
wdelmgr20
AsIO
ati2mpaa
NAL
w300mdm
NetSvc::
COMMONFX.DLL
epstnt01
pdlnatdl
cicsclient
ldlcserv
pilogsrv
avgarcln
NWSIPX32
HabuFltr
lvsrvlauncher
AVWLP_USB
iaimfp4
RTLE8023xp
spcsutilityservice
issimon
websensedcagent
avupdsvc
zpnodecollector
Defrag32b
hpconfig
DVDVRRdr_xp
UxTuneUp
belgium_id_card_service
dcevt32
trackcam4
hdaudaddservice
lxrsii1s
Fd16_700
wm
vusbbus
DELL_A02
USBVCD
rassstp
w550mdm
websenseusagemonitor
smbusp
websensecamserver
btwaudio
rpaservice
ZSMC303
hotspotshieldservice
FontCache3.0.0.0.
lyncusbserv
F700isw
ramaint
elnkservice
lxrjd31d
taphss
sqlagent$sony_mediamgr
oracle_load_balancer_60_server-forms6ip14
fsma
IWCA
SE27obex
bdpredir
BUFADPT
CE3
APLMp50
pelusblf
bltrust
TestHandler
retinaengine
smartscaps
roammgr
thinkpadmodemservice
freesshdservice
jaguar
NetMsmqActivator
se44obex
automate5
hsvcmod
yukonwxp
USBCamera
qbcfmonitorservice
cpqdfw
ICM10USB
https-admserv61
ICAM3NT5
nvcap
CTAudSvcService
mgabgexe
mcshield
wps
IFP700
WinVd32
vclone
NxSysMon
tmxpflt
LXARScan
avpnnic
w550mgmt
z525obex
roxmediadb
dnsexit
ni_nic
SndTDriverV32
tbaspi
ctxcpubal
ovsecurityserver
Mtlmnt5
utilman
wdelmgr20
AsIO
ati2mpaa
NAL
w300mdm
ClearJavaCache::
FireFox::
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} 
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} 
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} 
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\APLMp50]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AsIO]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ati2mpaa]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\automate5]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avgarcln]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avpnnic]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avupdsvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AVWLP_USB]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bdpredir]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\belgium_id_card_service]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bltrust]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btwaudio]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BUFADPT]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CE3]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cicsclient]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMMONFX.DLL]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cpqdfw]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CTAudSvcService]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ctxcpubal]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dcevt32]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Defrag32b]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DELL_A02]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dnsexit]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DVDVRRdr_xp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\elnkservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\epstnt01]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\F700isw]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fd16_700]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\freesshdservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fsma]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HabuFltr]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hdaudaddservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hotspotshieldservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpconfig]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hsvcmod]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\https-admserv61]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iaimfp4]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICAM3NT5]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICM10USB]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IFP700]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\issimon]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IWCA]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jaguar]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldlcserv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lvsrvlauncher]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LXARScan]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lxrjd31d]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lxrsii1s]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lyncusbserv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mcshield]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mgabgexe]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MTC0001_ESB]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mtlmnt5]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetMsmqActivator]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ni_nic]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nvcap]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NWSIPX32]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NxSysMon]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oracle_load_balancer_60_server-forms6ip14]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ovsecurityserver]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdlnatdl]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pelusblf]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pilogsrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\qbcfmonitorservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ramaint]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rassstp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\retinaengine]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\roammgr]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\roxmediadb]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rpaservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RTLE8023xp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SE27obex]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\se44obex]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smartscaps]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smbusp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SndTDriverV32]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\spcsutilityservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sqlagent$sony_mediamgr]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\taphss]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tbaspi]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TestHandler]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\thinkpadmodemservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tmxpflt]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\trackcam4]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBCamera]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBVCD]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\utilman]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UxTuneUp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vclone]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vusbbus]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w300mdm]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w550mdm]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w550mgmt]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdelmgr20]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websensecamserver]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websensedcagent]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\websenseusagemonitor]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinVd32]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wm]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wps]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yukonwxp]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\z525obex]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\zpnodecollector]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ZSMC303]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the "Save as type" to "All Files";
4. Type in the file name: CFScript
5. Click Save.

[screenshot]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have a great day!! :)

~ST

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

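As an added example (not part of this thread and not ComboFix's own tooling), here is a small Python script that reconciles the service names a CFScript asks ComboFix to remove (its Driver::, NetSvc:: and Registry:: entries) against the "Drivers/Services" section of the log ComboFix writes back, and separately flags running processes launched from a Temp directory, as the log above shows for c:\windows\TEMP\WF4942.EXE. The CFScript and log excerpt embedded below are constructed from this thread's own entries, trimmed to a handful of names; everything else is assumed.

```python
"""Reconcile a ComboFix CFScript against the ComboFix log it produced.

Added example, not ComboFix code. Two checks a helper would want after a
scripted run:
  1. every service the script requested is confirmed as removed in the log
     ("-------\\Service_<name>" / "-------\\Legacy_<NAME>" lines);
  2. any process in "Other Running Processes" that runs from a Temp folder,
     a location legitimate services very rarely run from.
"""
import re

# Constructed sample CFScript: a few names taken from the script in this thread.
SAMPLE_CFSCRIPT = r"""
KillAll::
Driver::
websensedcagent
UxTuneUp
hotspotshieldservice
NetSvc::
websensedcagent
UxTuneUp
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MTC0001_ESB]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UxTuneUp]
"""

# Constructed sample log excerpt in ComboFix's layout (trimmed from the thread).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HOTSPOTSHIELDSERVICE
-------\Legacy_UXTUNEUP
-------\Legacy_WEBSENSEDCAGENT
-------\Service_hotspotshieldservice
-------\Service_UxTuneUp
-------\Service_websensedcagent
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\SearchIndexer.exe
c:\windows\TEMP\WF4942.EXE
c:\docume~1\MATT~1.THO\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
"""

# "[-HKLM\System\ControlSetNNN\Services\<name>]" asks ComboFix to delete the key.
REG_DELETE = re.compile(
    r"^\[-HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
# Log lines ComboFix emits for each service/legacy key it removed.
REMOVED_LINE = re.compile(r"^-{7}\\(?:Service|Legacy)_(.+)$")
# Any path component named "temp" (matches \TEMP\ and LOCALS~1\Temp\ alike).
TEMP_PATH = re.compile(r"\\temp\\", re.I)


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}; directives end with '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def requested_services(sections):
    """Service names the script asks to remove, lower-cased for comparison."""
    names = {n.lower() for n in sections.get("Driver", []) + sections.get("NetSvc", [])}
    for line in sections.get("Registry", []):
        m = REG_DELETE.match(line)
        if m:
            names.add(m.group(1).lower())
    return names


def removed_services(log_text):
    """Service names the log confirms as deleted, lower-cased."""
    return {m.group(1).lower()
            for m in (REMOVED_LINE.match(l.strip()) for l in log_text.splitlines()) if m}


def reconcile(cfscript_text, log_text):
    """Requested vs. confirmed removals; 'unconfirmed' is what to re-check."""
    wanted = requested_services(parse_cfscript(cfscript_text))
    got = removed_services(log_text)
    return {"confirmed": sorted(wanted & got),
            "unconfirmed": sorted(wanted - got),
            "unexpected": sorted(got - wanted)}


def processes_from_temp(log_text):
    """Paths under 'Other Running Processes' that live in a Temp directory."""
    hits, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Other Running Processes" in line:
            in_section = True
            continue
        if in_section and line.startswith("***"):  # next banner ends the list
            break
        if in_section and TEMP_PATH.search(line):
            hits.append(line)
    return hits


if __name__ == "__main__":
    report = reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
    print("running from Temp:", processes_from_temp(SAMPLE_LOG))
```

On the constructed sample, MTC0001_ESB shows up as unconfirmed because the script's Registry:: section names it while the log reports no matching deletion, which is exactly the case to re-check in the next log.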

#13 mattymatt (Topic Starter, Members, 71 posts)

Posted 11 April 2012 - 09:27 AM

All right, below is the log for your review.

I have noticed that when I "lock" my screen, or when I restart my computer, there is a dialog box that opens up that says "mini web browser" at the top. It is split into 2 boxes, and the lower box has a check box that says "show links", and then there are buttons to clear the links, and 3 test buttons. There is never anything else listed inside those boxes. During start up, the box disappears on its own, but when I have my screen locked, I have to click the X to close it. It started to appear, I think, after I did the TDSSKiller in safe mode. Is it something we should worry about?



ComboFix 12-04-10.01 - matt.thomas 04/11/2012 7:17.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1173 [GMT -4:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APLMP50
-------\Legacy_ASIO
-------\Legacy_ATI2MPAA
-------\Legacy_AUTOMATE5
-------\Legacy_AVGARCLN
-------\Legacy_AVPNNIC
-------\Legacy_AVUPDSVC
-------\Legacy_AVWLP_USB
-------\Legacy_BDPREDIR
-------\Legacy_BELGIUM_ID_CARD_SERVICE
-------\Legacy_BLTRUST
-------\Legacy_BTWAUDIO
-------\Legacy_BUFADPT
-------\Legacy_CE3
-------\Legacy_CICSCLIENT
-------\Legacy_COMMONFX.DLL
-------\Legacy_CPQDFW
-------\Legacy_CTAUDSVCSERVICE
-------\Legacy_CTXCPUBAL
-------\Legacy_DCEVT32
-------\Legacy_DEFRAG32B
-------\Legacy_DELL_A02
-------\Legacy_DNSEXIT
-------\Legacy_DVDVRRDR_XP
-------\Legacy_ELNKSERVICE
-------\Legacy_EPSTNT01
-------\Legacy_F700ISW
-------\Legacy_FD16_700
-------\Legacy_FONTCACHE3.0.0.0.
-------\Legacy_FREESSHDSERVICE
-------\Legacy_FSMA
-------\Legacy_HABUFLTR
-------\Legacy_HDAUDADDSERVICE
-------\Legacy_HOTSPOTSHIELDSERVICE
-------\Legacy_HPCONFIG
-------\Legacy_HSVCMOD
-------\Legacy_HTTPS-ADMSERV61
-------\Legacy_IAIMFP4
-------\Legacy_ICAM3NT5
-------\Legacy_ICM10USB
-------\Legacy_IFP700
-------\Legacy_ISSIMON
-------\Legacy_IWCA
-------\Legacy_JAGUAR
-------\Legacy_LDLCSERV
-------\Legacy_LVSRVLAUNCHER
-------\Legacy_LXARSCAN
-------\Legacy_LXRJD31D
-------\Legacy_LXRSII1S
-------\Legacy_LYNCUSBSERV
-------\Legacy_MCSHIELD
-------\Legacy_MGABGEXE
-------\Legacy_MTLMNT5
-------\Legacy_NETMSMQACTIVATOR
-------\Legacy_NI_NIC
-------\Legacy_NVCAP
-------\Legacy_NWSIPX32
-------\Legacy_NXSYSMON
-------\Legacy_ORACLE_LOAD_BALANCER_60_SERVER-FORMS6IP14
-------\Legacy_OVSECURITYSERVER
-------\Legacy_PDLNATDL
-------\Legacy_PELUSBLF
-------\Legacy_PILOGSRV
-------\Legacy_QBCFMONITORSERVICE
-------\Legacy_RAMAINT
-------\Legacy_RASSSTP
-------\Legacy_RETINAENGINE
-------\Legacy_ROAMMGR
-------\Legacy_ROXMEDIADB
-------\Legacy_RPASERVICE
-------\Legacy_RTLE8023XP
-------\Legacy_SE27OBEX
-------\Legacy_SE44OBEX
-------\Legacy_SMARTSCAPS
-------\Legacy_SMBUSP
-------\Legacy_SNDTDRIVERV32
-------\Legacy_SPCSUTILITYSERVICE
-------\Legacy_SQLAGENT$SONY_MEDIAMGR
-------\Legacy_TAPHSS
-------\Legacy_TBASPI
-------\Legacy_TESTHANDLER
-------\Legacy_THINKPADMODEMSERVICE
-------\Legacy_TMXPFLT
-------\Legacy_TRACKCAM4
-------\Legacy_USBCAMERA
-------\Legacy_USBVCD
-------\Legacy_UTILMAN
-------\Legacy_UXTUNEUP
-------\Legacy_VCLONE
-------\Legacy_VUSBBUS
-------\Legacy_W300MDM
-------\Legacy_W550MDM
-------\Legacy_W550MGMT
-------\Legacy_WDELMGR20
-------\Legacy_WEBSENSECAMSERVER
-------\Legacy_WEBSENSEDCAGENT
-------\Legacy_WEBSENSEUSAGEMONITOR
-------\Legacy_WINVD32
-------\Legacy_WM
-------\Legacy_WPS
-------\Legacy_YUKONWXP
-------\Legacy_Z525OBEX
-------\Legacy_ZPNODECOLLECTOR
-------\Legacy_ZSMC303
-------\Service_APLMp50
-------\Service_AsIO
-------\Service_ati2mpaa
-------\Service_automate5
-------\Service_avgarcln
-------\Service_avpnnic
-------\Service_avupdsvc
-------\Service_AVWLP_USB
-------\Service_bdpredir
-------\Service_belgium_id_card_service
-------\Service_bltrust
-------\Service_btwaudio
-------\Service_BUFADPT
-------\Service_CE3
-------\Service_cicsclient
-------\Service_COMMONFX.DLL
-------\Service_cpqdfw
-------\Service_CTAudSvcService
-------\Service_ctxcpubal
-------\Service_dcevt32
-------\Service_Defrag32b
-------\Service_DELL_A02
-------\Service_dnsexit
-------\Service_DVDVRRdr_xp
-------\Service_elnkservice
-------\Service_epstnt01
-------\Service_F700isw
-------\Service_Fd16_700
-------\Service_FontCache3.0.0.0.
-------\Service_freesshdservice
-------\Service_fsma
-------\Service_HabuFltr
-------\Service_hdaudaddservice
-------\Service_hotspotshieldservice
-------\Service_hpconfig
-------\Service_hsvcmod
-------\Service_https-admserv61
-------\Service_iaimfp4
-------\Service_ICAM3NT5
-------\Service_ICM10USB
-------\Service_IFP700
-------\Service_issimon
-------\Service_IWCA
-------\Service_jaguar
-------\Service_ldlcserv
-------\Service_lvsrvlauncher
-------\Service_LXARScan
-------\Service_lxrjd31d
-------\Service_lxrsii1s
-------\Service_lyncusbserv
-------\Service_mcshield
-------\Service_mgabgexe
-------\Service_Mtlmnt5
-------\Service_NetMsmqActivator
-------\Service_ni_nic
-------\Service_nvcap
-------\Service_NWSIPX32
-------\Service_NxSysMon
-------\Service_oracle_load_balancer_60_server-forms6ip14
-------\Service_ovsecurityserver
-------\Service_pdlnatdl
-------\Service_pelusblf
-------\Service_pilogsrv
-------\Service_qbcfmonitorservice
-------\Service_ramaint
-------\Service_rassstp
-------\Service_retinaengine
-------\Service_roammgr
-------\Service_roxmediadb
-------\Service_rpaservice
-------\Service_RTLE8023xp
-------\Service_SE27obex
-------\Service_se44obex
-------\Service_smartscaps
-------\Service_smbusp
-------\Service_SndTDriverV32
-------\Service_spcsutilityservice
-------\Service_sqlagent$sony_mediamgr
-------\Service_taphss
-------\Service_tbaspi
-------\Service_TestHandler
-------\Service_thinkpadmodemservice
-------\Service_tmxpflt
-------\Service_trackcam4
-------\Service_USBCamera
-------\Service_USBVCD
-------\Service_utilman
-------\Service_UxTuneUp
-------\Service_vclone
-------\Service_vusbbus
-------\Service_w300mdm
-------\Service_w550mdm
-------\Service_w550mgmt
-------\Service_wdelmgr20
-------\Service_websensecamserver
-------\Service_websensedcagent
-------\Service_websenseusagemonitor
-------\Service_WinVd32
-------\Service_wm
-------\Service_wps
-------\Service_yukonwxp
-------\Service_z525obex
-------\Service_zpnodecollector
-------\Service_ZSMC303
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 03:13 . 2012-04-10 03:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-07 14:11 . 2012-04-07 14:11 -------- d-----w- C:\e111f9e36e2307c8ebc0
2012-04-06 03:48 . 2012-04-09 17:43 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-05 00:38 . 2012-04-05 00:38 -------- d-----w- c:\program files\Common Files\Skype
2012-03-31 12:11 . 2012-03-31 17:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\b90779d6e7bb1c16de8c
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\06f8874658948246fc0a81a1039476
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 17:35 . 2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
2012-04-09 17:35 . 2012-04-09 17:35 157184 ----a-w- c:\windows\system32\usbnaw32.dll
2012-04-08 03:45 . 2008-11-26 23:32 11264 ----a-w- c:\windows\DCEBoot.exe
2012-03-31 17:47 . 2011-06-10 03:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_17.39.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-11 11:36 . 2012-04-11 11:36 16384 c:\windows\temp\Perflib_Perfdata_298.dat
+ 2012-04-11 11:37 . 2012-04-11 11:37 16384 c:\windows\temp\Perflib_Perfdata_268.dat
+ 2012-04-11 11:37 . 2007-03-29 12:10 214712 c:\windows\temp\UO3AAB.EXE
+ 2012-04-11 10:55 . 2012-04-11 10:55 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-06-18 00:38 . 2011-06-18 00:38 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-03-28 22:10 . 2012-03-28 22:10 12098048 c:\windows\Installer\3b5d4c3.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\intelUsb3Sevices]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usbniw32]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 4:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 4:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 3:03 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 2:26 PM 652360]
R2 NEC Usb3;NEC USB3 Service;c:\windows\System32\svchost.exe -k NECUsb3s [8/11/2004 7:00 PM 14336]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 11:44 AM 31232]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 2:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 2:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 4:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 2:26 PM 20464]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 8:11 AM 253600]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/9/2012 11:13 PM 40776]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:47]
.
2012-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-03-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-04-08 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2012-04-11 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 07:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\usbniw32.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\TEMP\UO3AAB.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-11 07:51:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 11:51
ComboFix2.txt 2012-04-10 17:51
ComboFix3.txt 2011-12-14 02:01
.
Pre-Run: 7,736,385,536 bytes free
Post-Run: 7,734,206,464 bytes free
.
- - End Of File - - 318DED2ED70E1B7023D82032A427D13B

#14 mattymatt

mattymatt
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 11 April 2012 - 08:54 PM

I just took a screenshot of that Mini Web Browser that keeps popping up when I lock my screen. Attached is the pic of it. Seems very strange....


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:43 PM

Posted 12 April 2012 - 01:36 AM

Hi Matt!

I have noticed that when I "lock" my screen, or when I restart my computer, there is a dialog box that opens up that says "mini web browser" at the top. It is split into 2 boxes and the lower box has a check box that says "show links" and then there is buttons to clear the links, and 3 test buttons. There is never anything else listed inside those boxes. During start up, the box disappears on its own, but when I have my screen locked, I have to click the X to close it. It started to appear, I think, after I did the TDSSKiller in safe mode. Is it something we should worry about?

That's really strange! It almost seems like it's used for some sort of malicious intent.

We're going to work on fixing that malicious partition right now. Let's see if that issue goes away after we fix the malicious partition.

Try this please. You will need a USB drive.

  • Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • You'll need to ensure that you select the xpud-0.9.2.iso as the source.
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.
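One way to read the MBRbackup file that the dd command above produces, as an added example that is not part of the original post and not a BleepingComputer or xPUD tool: it checks the boot signature, decodes the four primary partition entries, and flags layouts a responder would look at more closely. The partition-type table, the two sample images and their sizes are constructed assumptions.

```python
"""Inspect a 512-byte MBR image such as the MBRbackup file the dd command
above produces: verify the boot signature, decode the four partition
entries, and flag things a responder would want to look at."""
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446                     # partition table starts after the boot code
BOOT_SIGNATURE = b"\x55\xaa"           # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"                # boot flag, CHS start, type, CHS end, LBA start, sectors

# Partition type bytes given a friendly name in the report (a small subset, assumed).
PART_TYPES = {
    0x00: "empty",
    0x05: "extended",
    0x07: "NTFS/HPFS/exFAT",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x27: "hidden NTFS (recovery)",
    0x83: "Linux",
    0xDE: "Dell utility",
    0xEE: "GPT protective",
}


def parse_mbr(image: bytes) -> dict:
    """Decode the boot signature and the four primary partition entries."""
    if len(image) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(image)}")
    partitions = []
    for idx in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, image, TABLE_OFFSET + 16 * idx)
        partitions.append({
            "index": idx + 1,
            "boot_flag": boot,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
        })
    return {"valid_signature": image[510:512] == BOOT_SIGNATURE,
            "partitions": partitions}


def audit_mbr(mbr: dict) -> list:
    """Return human-readable findings; an empty list means nothing odd was seen."""
    findings = []
    if not mbr["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in mbr["partitions"] if p["boot_flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in active:
        if p["type"] == 0x00 or p["type"] not in PART_TYPES:
            findings.append(f"entry {p['index']}: active partition has type "
                            f"0x{p['type']:02x} ({p['type_name']})")
    in_use = []
    for p in mbr["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid boot flag 0x{p['boot_flag']:02x}")
        if p["type"] == 0x00:
            if p["lba_start"] or p["sectors"]:
                findings.append(f"entry {p['index']}: type 0x00 (empty) but non-zero start/size")
            continue
        if p["sectors"] == 0:
            findings.append(f"entry {p['index']}: zero-length partition")
        in_use.append(p)
    in_use.sort(key=lambda p: p["lba_start"])
    for a, b in zip(in_use, in_use[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return findings


def build_mbr(entries, signature=BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed MBR image from (boot_flag, type, lba_start, sectors)
    tuples. The boot-code area is zero-filled: a test fixture, not a real loader."""
    image = bytearray(SECTOR_SIZE)
    for idx, (boot, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, image, TABLE_OFFSET + 16 * idx,
                         boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    image[510:512] = signature
    return bytes(image)


# Constructed samples: an ordinary laptop layout, and the same layout with the
# active flag moved onto an extra entry that claims space but has type 0x00.
CLEAN_MBR = build_mbr([(0x80, 0x07, 63, 156250000), (0x00, 0xDE, 156250063, 80325)])
SUSPECT_MBR = build_mbr([(0x00, 0x07, 63, 156250000), (0x00, 0xDE, 156250063, 80325),
                         (0x80, 0x00, 156330388, 2048)])


def report(image: bytes) -> str:
    """Render the table plus any findings as text."""
    mbr = parse_mbr(image)
    lines = [f"boot signature: {'ok' if mbr['valid_signature'] else 'MISSING'}"]
    for p in mbr["partitions"]:
        if p["type"] or p["sectors"]:
            lines.append(f"  #{p['index']} {'*' if p['boot_flag'] == 0x80 else ' '} "
                         f"type 0x{p['type']:02x} {p['type_name']:<20} "
                         f"start {p['lba_start']:>12} sectors {p['sectors']:>12}")
    lines.extend("  ! " + f for f in audit_mbr(mbr))
    return "\n".join(lines)


if __name__ == "__main__":
    # With a path argument, read the first sector of that file (e.g. the
    # MBRbackup file from the dd command); otherwise show both constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read(SECTOR_SIZE)))
    else:
        for name, img in (("clean sample", CLEAN_MBR), ("suspect sample", SUSPECT_MBR)):
            print(f"== {name} ==\n{report(img)}")
```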

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
