Solved Possible TDL3 Infection and other Infections for sure

[Resolved] Possible TDL3 Infection and other Infections for sure

Man, this machine is a mess. Running under my own account I can't even get anything done anymore. I was working with Malwarebytes and we had discovered a number of infections and a TDL rootkit but didn't get it completely resolved due to an illness on the part of the person assisting me. The lag between running combofix and TDSSKiller resulted in the machine becoming reinfected and it's in about the same shape now as when I initially started with them.

The link to the thread at mawarebytes is:
http://forums.malwarebytes.org/index.php?showtopic=71584&st=0

I've told them to close that thread.

The MBAM log and GMER log are in this post. The next post will contain the MBRCheck and dds logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5491

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/9/2011 8:12:59 PM
mbam-log-2011-01-09 (20-12-59).txt

Scan type: Quick scan
Objects scanned: 202031
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\nbwhgyyindfv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\programdata\ogfxkqndtf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\programdata\tqlg2uwypla.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\vxuogjsmee.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\dcarlson\AppData\Local\temp\A295.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\dcarlson\AppData\Local\temp\5ADB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-09 20:43:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HTS541010G9SA00 rev.MBZIC60R
Running: t6hg8dhd7fh2.exe; Driver: C:\Users\IT_Admin\AppData\Local\Temp\ugryrpow.sys


---- System - GMER 1.0.15 ----

SSDT 85FC5668 ZwAlertResumeThread
SSDT 85FC5748 ZwAlertThread
SSDT 85FC7088 ZwAllocateVirtualMemory
SSDT 85FCF9F0 ZwCreateMutant
SSDT 85FC72B0 ZwCreateThread
SSDT 85FC8E68 ZwFreeVirtualMemory
SSDT 85FC54A8 ZwImpersonateAnonymousToken
SSDT 85FC5588 ZwImpersonateThread
SSDT 85FC51F0 ZwMapViewOfSection
SSDT 85FCF910 ZwOpenEvent
SSDT 85FC4F40 ZwOpenProcessToken
SSDT 85FC6F60 ZwOpenThreadToken
SSDT 85FDAF28 ZwResumeThread
SSDT 85FC6E80 ZwSetContextThread
SSDT 85FC5098 ZwSetInformationProcess
SSDT 85FC79A8 ZwSetInformationThread
SSDT 85FCF830 ZwSuspendProcess
SSDT 85FC7828 ZwSuspendThread
SSDT 85FCE138 ZwTerminateProcess
SSDT 85FC78E8 ZwTerminateThread
SSDT 85FC7050 ZwUnmapViewOfSection
SSDT 85FC8F38 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C9EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CA6734 8 Bytes [68, 56, FC, 85, 48, 57, FC, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CA674C 4 Bytes [88, 70, FC, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82CA6828 4 Bytes [F0, F9, FC, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CA685C 4 Bytes [B0, 72, FC, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 82CA690C 4 Bytes [68, 8E, FC, 85]
.text ...
? System32\drivers\tdaukh.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96214000, 0x23097E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\prepdrvr \Device\PrepDrv AE097486

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfddcb32
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfddcb32@30694b8a6216 0xDC 0xA4 0xCD 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00218664ff56
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfddcb32 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfddcb32@30694b8a6216 0xDC 0xA4 0xCD 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00218664ff56 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 379
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380@CrawlType 3
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\380@LogStartAddId 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381@CrawlType 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\381@LogStartAddId 13
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1@CrawlNumberInProgress 380
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\13@CrawlNumberInProgress 381

---- EOF - GMER 1.0.15 ----

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2623D3U
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 222):
0x82C37000 \SystemRoot\system32\ntkrnlpa.exe
0x82C00000 \SystemRoot\system32\halmacpi.dll
0x80BA2000 \SystemRoot\system32\kdcom.dll
0x8323D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B5000 \SystemRoot\system32\PSHED.dll
0x832C6000 \SystemRoot\system32\BOOTVID.dll
0x832CE000 \SystemRoot\system32\CLFS.SYS
0x83310000 \SystemRoot\system32\CI.dll
0x833BB000 \SystemRoot\System32\drivers\tdaukh.sys
0x88C12000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88C83000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88C91000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88CD9000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x88CE2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x88CEA000 \SystemRoot\system32\DRIVERS\pci.sys
0x88D14000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88D1F000 \SystemRoot\System32\drivers\partmgr.sys
0x88D30000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88D38000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88D43000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88D53000 \SystemRoot\System32\drivers\volmgrx.sys
0x88D9E000 \SystemRoot\system32\DRIVERS\intelide.sys
0x88DA5000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88DB3000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x88DE1000 \SystemRoot\System32\drivers\mountmgr.sys
0x88DF7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x833C9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88C00000 \SystemRoot\system32\DRIVERS\msahci.sys
0x833EC000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83200000 \SystemRoot\system32\drivers\fltmgr.sys
0x88E10000 \SystemRoot\system32\drivers\fileinfo.sys
0x88E21000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88E2A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F59000 \SystemRoot\System32\Drivers\msrpc.sys
0x88F84000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88F97000 \SystemRoot\System32\Drivers\cng.sys
0x88E00000 \SystemRoot\System32\drivers\pcw.sys
0x88FF4000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x83234000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8903C000 \SystemRoot\system32\drivers\ndis.sys
0x890F3000 \SystemRoot\system32\drivers\NETIO.SYS
0x89131000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89237000 \SystemRoot\System32\drivers\tcpip.sys
0x89380000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x893B1000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x893BA000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x89200000 \SystemRoot\System32\Drivers\spldr.sys
0x89208000 \SystemRoot\System32\drivers\rdyboost.sys
0x89156000 \SystemRoot\System32\Drivers\mup.sys
0x89166000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8916E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x891A0000 \SystemRoot\system32\DRIVERS\disk.sys
0x891B1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89011000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E418000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x8E463000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110109.003\NAVEX15.SYS
0x8E5AE000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8E5D3000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110109.003\NAVENG.SYS
0x8E5E7000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8E5F1000 \SystemRoot\System32\Drivers\Null.SYS
0x8E5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E400000 \SystemRoot\System32\drivers\vga.sys
0x92A0A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x92A2B000 \SystemRoot\System32\drivers\watchdog.sys
0x92A38000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x92A40000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92A48000 \SystemRoot\system32\drivers\rdprefmp.sys
0x92A50000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92A5B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92A69000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92A80000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x92A8B000 \SystemRoot\system32\drivers\afd.sys
0x92AE5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92B17000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x92B1E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92B3D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x92B65000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92B78000 \SystemRoot\System32\drivers\truecrypt.sys
0x92BAD000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x92BB4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x92005000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9206F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x92094000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9209A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x920DB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x920E5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x920EF000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x920F1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9214F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9216C000 \SystemRoot\System32\drivers\discache.sys
0x92178000 \SystemRoot\system32\drivers\csc.sys
0x921DC000 \SystemRoot\System32\Drivers\dfsc.sys
0x92BC4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92BD2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x921F4000 \SystemRoot\system32\DRIVERS\rdpdispm.sys
0x95C3B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x96213000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x95C4D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x95D04000 \SystemRoot\System32\drivers\dxgmms1.sys
0x95D3D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x95D5C000 \SystemRoot\system32\DRIVERS\e1e6232.sys
0x97035000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x97691000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9769C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x976E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x976F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9770E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9771B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x97752000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x97754000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9776B000 \SystemRoot\system32\DRIVERS\parport.sys
0x97783000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x9778B000 \SystemRoot\system32\drivers\irenum.sys
0x97794000 \SystemRoot\system32\drivers\tpm.sys
0x977A0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x977A4000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x977A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x977AE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x977BB000 \SystemRoot\system32\DRIVERS\serscan.sys
0x977C3000 \SystemRoot\System32\Drivers\RootMdm.sys
0x977CB000 \SystemRoot\system32\drivers\modem.sys
0x977D8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x97000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x97018000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x95D95000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95DB7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x95DCF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x95DE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x97023000 \SystemRoot\system32\DRIVERS\covpnwlh.sys
0x9702B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x977EA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x977F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x95C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x96200000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97837000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9787B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9788C000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x978EF000 \SystemRoot\system32\drivers\portcls.sys
0x9791E000 \SystemRoot\system32\drivers\drmk.sys
0x97937000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x97A1D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x97B20000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x97BD4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x99900000 \SystemRoot\System32\win32k.sys
0x97BEB000 \SystemRoot\System32\drivers\Dxapi.sys
0x97A00000 \SystemRoot\System32\Drivers\crashdmp.sys
0x97A0D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x97BF5000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97974000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x979AF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99B60000 \SystemRoot\System32\TSDDD.dll
0x99B90000 \SystemRoot\System32\cdd.dll
0x99BB0000 \SystemRoot\System32\ATMFD.DLL
0x979BA000 \SystemRoot\system32\drivers\luafv.sys
0x979D5000 \SystemRoot\system32\drivers\WudfPf.sys
0x97985000 \SystemRoot\system32\DRIVERS\irda.sys
0x97821000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A016000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A05C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A06C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A07F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9A0A9000 \SystemRoot\system32\drivers\HTTP.sys
0x9A12E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A14F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A168000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A17A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A19D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A1D8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA163D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA168C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA16DD000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA16E4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA16E8000 \SystemRoot\system32\drivers\peauth.sys
0xA177F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA1789000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1796000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA179E000 \SystemRoot\System32\drivers\rdpdr.sys
0xA17C3000 \SystemRoot\system32\drivers\tdtcp.sys
0xA17CD000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA1600000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA17DA000 \??\C:\Users\IT_Admin\AppData\Local\Temp\ugryrpow.sys
0xAE08E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAE097000 \??\C:\Windows\system32\CCM\prepdrv.sys
0x77D30000 \Windows\System32\ntdll.dll
0x47BE0000 \Windows\System32\smss.exe
0x77F70000 \Windows\System32\apisetschema.dll
0x00360000 \Windows\System32\autochk.exe
0x77F50000 \Windows\System32\normaliz.dll
0x77F40000 \Windows\System32\nsi.dll
0x77EF0000 \Windows\System32\Wldap32.dll
0x77ED0000 \Windows\System32\imm32.dll
0x770E0000 \Windows\System32\shell32.dll
0x77030000 \Windows\System32\msvcrt.dll
0x77EA0000 \Windows\System32\imagehlp.dll
0x76FF0000 \Windows\System32\ws2_32.dll
0x76F90000 \Windows\System32\difxapi.dll
0x76F30000 \Windows\System32\shlwapi.dll
0x76EE0000 \Windows\System32\gdi32.dll
0x77E90000 \Windows\System32\lpk.dll
0x76D40000 \Windows\System32\setupapi.dll
0x76C00000 \Windows\System32\urlmon.dll
0x76B30000 \Windows\System32\user32.dll
0x76A30000 \Windows\System32\wininet.dll
0x769A0000 \Windows\System32\oleaut32.dll
0x76840000 \Windows\System32\ole32.dll
0x76640000 \Windows\System32\iertutil.dll
0x765A0000 \Windows\System32\usp10.dll
0x76500000 \Windows\System32\advapi32.dll
0x77E70000 \Windows\System32\sechost.dll
0x76480000 \Windows\System32\comdlg32.dll
0x76470000 \Windows\System32\psapi.dll
0x763E0000 \Windows\System32\clbcatq.dll
0x76330000 \Windows\System32\rpcrt4.dll
0x76260000 \Windows\System32\msctf.dll
0x76180000 \Windows\System32\kernel32.dll
0x760F0000 \Windows\System32\comctl32.dll
0x760A0000 \Windows\System32\KernelBase.dll
0x76070000 \Windows\System32\wintrust.dll
0x75F50000 \Windows\System32\crypt32.dll
0x75F30000 \Windows\System32\devobj.dll
0x75F00000 \Windows\System32\cfgmgr32.dll
0x75EF0000 \Windows\System32\msasn1.dll

Processes (total 75):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
392 csrss.exe
464 C:\Windows\System32\wininit.exe
472 csrss.exe
512 C:\Windows\System32\services.exe
552 C:\Windows\System32\winlogon.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
776 C:\Windows\System32\ibmpmsvc.exe
828 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\atiesrxx.exe
984 C:\Windows\System32\Ati2evxx.exe
1008 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1456 C:\Program Files\Symantec AntiVirus\Smc.exe
1504 C:\Windows\System32\svchost.exe
1584 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1592 C:\Windows\System32\wlanext.exe
1600 C:\Windows\System32\conhost.exe
1760 C:\Windows\System32\spoolsv.exe
1828 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\AEADISRV.EXE
812 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
1164 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1380 C:\Program Files\Bonjour\mDNSResponder.exe
1304 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
1084 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2164 C:\Windows\System32\Ati2evxx.exe
2212 C:\Windows\System32\Ati2evxx.exe
2224 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2308 C:\Windows\System32\svchost.exe
2840 C:\Windows\System32\dwm.exe
2856 C:\Windows\System32\taskhost.exe
2900 C:\Windows\explorer.exe
3332 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3340 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3364 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3388 C:\Windows\System32\rundll32.exe
3396 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3432 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3448 C:\Program Files\iTunes\iTunesHelper.exe
3600 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3936 C:\Windows\System32\svchost.exe
3976 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
4080 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
2184 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2156 C:\Windows\System32\drivers\XAudio.exe
2596 C:\Windows\System32\CCM\CcmExec.exe
2632 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2908 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3000 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3268 WmiPrvSE.exe
4248 unsecapp.exe
4364 C:\Program Files\iPod\bin\iPodService.exe
4688 C:\Windows\System32\SearchIndexer.exe
4828 C:\Program Files\Symantec AntiVirus\SmcGui.exe
4836 C:\Windows\System32\svchost.exe
4868 C:\Windows\System32\svchost.exe
5172 WmiPrvSE.exe
5580 C:\Program Files\Windows Media Player\wmpnetwk.exe
4952 C:\Windows\System32\svchost.exe
5672 WmiPrvSE.exe
4108 C:\Windows\System32\svchost.exe
2656 C:\Windows\System32\SearchProtocolHost.exe
2444 C:\Windows\System32\SearchFilterHost.exe
2576 C:\Windows\System32\audiodg.exe
4352 C:\Users\IT_Admin\Desktop\hds7hsaskd7.exe
1028 C:\Windows\System32\conhost.exe
4196 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZIC60R

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


DDS (Ver_10-12-12.02) - NTFSx86
Run by IT_Admin at 20:45:43.40 on Sun 01/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.986 [GMT -6:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\IT_Admin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://theWire.CompuCom.com
uDefault_Page_URL = https://theWire.CompuCom.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: att.com\*.teleconference
Trusted Zone: brainshark.com
Trusted Zone: concursolutions.com
Trusted Zone: desktop-shipping.com
Trusted Zone: fidelity.com
Trusted Zone: ge.com\*.gecits
Trusted Zone: hrdpt.com\compucom
Trusted Zone: hrdpt.com\compucomdev
Trusted Zone: ingrammicro.ca
Trusted Zone: ingrammicro.com
Trusted Zone: livemeeting.com
Trusted Zone: medco.com
Trusted Zone: placemeeting.com
Trusted Zone: synnex.ca
Trusted Zone: synnex.com
Trusted Zone: techdata.ca
Trusted Zone: techdata.com
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\dcarlson\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\dcarlson\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxhost.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-17 24304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-17 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-7-23 1831024]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-31 102448]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2009-8-20 34944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-25 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-17 132456]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-12-27 13952]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-6-17 75112]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2006-10-3 47488]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-13 1343400]

=============== Created Last 30 ================

2011-01-07 20:39:51 -------- d-----w- c:\users\it_admin\appdata\roaming\Intel
2011-01-05 18:21:02 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{66f485b6-5725-434e-aaa5-3540e2dcda91}\mpengine.dll
2011-01-04 17:41:23 -------- d-----w- c:\users\it_admin\appdata\local\temp
2011-01-04 16:15:45 89088 ----a-w- c:\windows\MBR.exe
2011-01-04 16:15:44 256512 ----a-w- c:\windows\PEV.exe
2011-01-04 16:15:44 161792 ----a-w- c:\windows\SWREG.exe
2011-01-04 16:15:43 98816 ----a-w- c:\windows\sed.exe
2011-01-02 21:09:57 -------- d-----w- c:\users\it_admin\appdata\local\Eraser 6
2010-12-31 23:44:45 -------- d-----w- c:\users\it_admin\appdata\roaming\Malwarebytes
2010-12-31 22:01:00 -------- d-----w- c:\users\it_admin\appdata\local\Adobe
2010-12-31 21:53:32 -------- d-----w- c:\users\it_admin\appdata\local\Symantec
2010-12-31 17:45:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 17:45:24 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-31 17:20:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-31 17:20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 22:27:11 -------- d-----w- c:\program files\Rusys
2010-12-22 18:11:18 -------- d-----w- c:\program files\Airport Mania 2 - Wild Trips Premium Edition
2010-12-20 17:07:52 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-20 17:07:51 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-20 17:07:46 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-20 17:07:46 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-20 17:07:45 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-20 17:07:45 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-20 17:07:44 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-20 17:07:42 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-20 17:07:19 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-20 17:07:02 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-20 17:06:59 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:04:35 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 20:26:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 20:24:03 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-17 20:23:14 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-17 20:22:11 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2010-12-17 20:21:53 386048 ----a-w- c:\windows\system32\html.iec
2010-12-17 20:21:09 860160 ----a-w- c:\program files\internet explorer\iedvtool.dll
2010-12-17 20:19:17 673040 ----a-w- c:\program files\internet explorer\iexplore.exe
2010-12-17 20:15:09 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 20:14:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 18:23:49 -------- d-----w- c:\program files\iPod
2010-12-17 18:06:02 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-30 06:42:54 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:44:21 528384 ----a-w- c:\program files\FTPWanderer.exe

============= FINISH: 20:47:00.93 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 2/15/2010 6:44:07 AM
System Uptime: 1/9/2011 8:14:14 PM (0 hours ago)

Motherboard: LENOVO | | 2623D3U
Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | None | 1995/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 53.777 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Flash Disk
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&3&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB_2.0&PROD_FLASH_DISK&REV_1100#AB00090000009925&0#
Manufacturer: USB 2.0
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&3&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_USB_2.0&PROD_FLASH_DISK&REV_1100#AB00090000009925&0#
Service: WUDFRd

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial

Class GUID: {53d29ef7-377c-4d14-864b-eb3a85769359}
Description: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Device ID: USB\VID_0483&PID_2016\5&2FAE831F&0&2
Manufacturer: UPEK
Name: TouchChip Fingerprint Coprocessor (WBF advanced mode)
PNP Device ID: USB\VID_0483&PID_2016\5&2FAE831F&0&2
Service: WUDFRd

==== System Restore Points ===================

RP211: 1/5/2011 12:19:15 PM - Windows Update
RP213: 1/7/2011 8:23:29 PM - Windows Defender Checkpoint
RP214: 1/8/2011 1:00:40 AM - Windows Backup

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Airport Mania 2 - Wild Trips Premium Edition version R 593
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.11 (Unicode)
AuthenTec TrueSuite
AutoSketch Release 9
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
bodybugg Software
Bonjour
Brother MFL-Pro Suite MFC-7820N
CadStd
Citrix XenApp Web Plugin
ClarifyCRM 6.0.1.19 Client for Oracle
Collectorz.com Book Collector
Configuration Manager Client
ConvertHelper 2.2
Cool Timer 3.6
D3DX10
DartPro 2.9.0.0
Eraser 6.0.6.1376
Evernote v. 4.0.2
ffdshow v1.1.3631 [2010-11-15]
Flip
Formatter Plus V1.4
Free DWG Viewer 6.3
Google Calendar Sync
Google Earth
Google Update Helper
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
inSSIDer
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
IrfanView (remove only)
iTunes
IZArc 4.1
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
LAME v3.98.2 for Audacity
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewsBin Pro
PaperPort
PL/SQL Developer
PrimoPDF -- brought to you by Nitro PDF Software
Qlock Lite
QuickPar 0.9
QuickTime
Roxio Media Manager
ScreenPrint32 v3.5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Tracker
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
SyncBack
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Van Dyke Technologies CRT 3.3
VLC media player 1.1.0
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/9/2011 8:19:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2011 8:18:43 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
1/9/2011 8:15:57 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/9/2011 8:14:55 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
1/9/2011 8:14:53 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain COMPUCOM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
1/9/2011 8:14:35 PM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
1/9/2011 7:56:55 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
1/9/2011 7:56:55 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/9/2011 7:19:45 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
1/9/2011 6:56:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/7/2011 2:32:20 PM, Error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2011 2:37:52 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

==== End Of File ===========================

 

Here is the Combofix log:

ComboFix 11-01-09.03 - IT_Admin 01/10/2011 9:37.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.1005 [GMT -6:00]
Running from: c:\users\IT_Admin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\dcarlson\AppData\Local\{4BD80428-2C3A-4261-A14E-B6C57AD4E511}
c:\users\dcarlson\AppData\Local\{4BD80428-2C3A-4261-A14E-B6C57AD4E511}\chrome.manifest
c:\users\dcarlson\AppData\Local\{4BD80428-2C3A-4261-A14E-B6C57AD4E511}\chrome\content\_cfg.js
c:\users\dcarlson\AppData\Local\{4BD80428-2C3A-4261-A14E-B6C57AD4E511}\chrome\content\overlay.xul
c:\users\dcarlson\AppData\Local\{4BD80428-2C3A-4261-A14E-B6C57AD4E511}\install.rdf
c:\users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Disk
c:\users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Disk\My Disk.lnk
c:\users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Disk\Uninstall My Disk.lnk

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\wbrownin\AppData\Local\temp
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\IT_Admin\AppData\Local\temp
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\dcarlson\AppData\Local\temp
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-01-10 15:49 . 2011-01-10 15:49 -------- d-----w- c:\users\admdswlb\AppData\Local\temp
2011-01-07 20:39 . 2011-01-07 20:39 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Intel
2011-01-07 19:58 . 2011-01-09 23:37 0 ----a-w- c:\users\dcarlson\AppData\Local\Jkuxoqo.bin
2011-01-05 18:21 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66F485B6-5725-434E-AAA5-3540E2DCDA91}\mpengine.dll
2011-01-02 21:09 . 2011-01-02 21:09 -------- d-----w- c:\users\IT_Admin\AppData\Local\Eraser 6
2010-12-31 23:44 . 2010-12-31 23:44 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Malwarebytes
2010-12-31 22:01 . 2010-12-31 22:01 -------- d-----w- c:\users\IT_Admin\AppData\Local\Adobe
2010-12-31 21:54 . 2010-12-31 21:54 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Apple Computer
2010-12-31 21:53 . 2010-12-31 21:53 -------- d-----w- c:\users\IT_Admin\AppData\Local\Symantec
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\users\dcarlson\AppData\Roaming\Malwarebytes
2010-12-31 17:45 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\programdata\Malwarebytes
2010-12-31 17:20 . 2010-12-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-31 17:20 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 22:27 . 2010-12-27 22:27 -------- d-----w- c:\program files\Rusys
2010-12-22 18:12 . 2010-12-23 16:11 -------- d-----w- c:\users\dcarlson\AppData\Local\AirportMania2
2010-12-22 18:11 . 2010-12-22 18:11 -------- d-----w- c:\program files\Airport Mania 2 - Wild Trips Premium Edition
2010-12-20 17:07 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-20 17:07 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-20 17:07 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-20 17:07 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-20 17:07 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-20 17:07 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-20 17:07 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-20 17:07 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-20 17:07 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-20 17:07 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-20 17:06 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:04 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 20:26 . 2010-11-04 04:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 20:24 . 2010-11-04 05:48 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-17 20:23 . 2010-11-04 05:52 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-17 20:22 . 2010-11-04 05:48 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2010-12-17 20:21 . 2010-11-04 04:41 386048 ----a-w- c:\windows\system32\html.iec
2010-12-17 20:21 . 2010-11-04 05:48 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2010-12-17 20:19 . 2010-11-04 05:54 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-17 20:15 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 20:14 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 18:23 . 2010-12-17 18:23 -------- d-----w- c:\program files\iPod
2010-12-17 18:06 . 2010-12-17 18:06 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-04 22:17 . 2009-07-13 23:11 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-30 06:42 . 2010-11-22 17:19 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 16:41 . 2009-12-28 01:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:44 . 2006-06-30 01:40 528384 ----a-w- c:\program files\FTPWanderer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-23 115560]
"Eraser "= "c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV "= "c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-12 894312]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
"HideFastUserSwitching "= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentProgForNewUserInStartMenu "= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1 "=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-02 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-05-12 132456]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-08-20 13952]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-10-03 47488]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-05-12 24304]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-28 102448]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [2009-08-20 34944]


--- Other Services/Drivers In Memory ---

*Deregistered* - ugryrpow
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]

2011-01-10 c:\windows\Tasks\SyncBack C_Drive_Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-03-01 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: att.com\*.teleconference
Trusted Zone: brainshark.com
Trusted Zone: concursolutions.com
Trusted Zone: desktop-shipping.com
Trusted Zone: fidelity.com
Trusted Zone: ge.com\*.gecits
Trusted Zone: hrdpt.com\compucom
Trusted Zone: hrdpt.com\compucomdev
Trusted Zone: ingrammicro.ca
Trusted Zone: ingrammicro.com
Trusted Zone: livemeeting.com
Trusted Zone: medco.com
Trusted Zone: placemeeting.com
Trusted Zone: synnex.ca
Trusted Zone: synnex.com
Trusted Zone: techdata.ca
Trusted Zone: techdata.com
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-10 09:56:24
ComboFix-quarantined-files.txt 2011-01-10 15:56

Pre-Run: 57,733,656,576 bytes free
Post-Run: 57,550,446,592 bytes free

- - End Of File - - 0ECB7AFF6979243DA0D2FE9BB33C5E11

 

I completely forgot about Windows Defender and noticed that it was running after the scan log generated.
I stopped it and ran Combofix again. Hopefully that wasn't a problem.
Here is that log file.

ComboFix 11-01-09.03 - IT_Admin 01/10/2011 10:08:01.3.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.887 [GMT -6:00]
Running from: c:\users\IT_Admin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 16:18 . 2011-01-10 16:18 -------- d-----w- c:\users\wbrownin\AppData\Local\temp
2011-01-10 16:18 . 2011-01-10 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 16:18 . 2011-01-10 16:18 -------- d-----w- c:\users\dcarlson\AppData\Local\temp
2011-01-10 16:18 . 2011-01-10 16:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-01-10 16:18 . 2011-01-10 16:18 -------- d-----w- c:\users\admdswlb\AppData\Local\temp
2011-01-10 15:56 . 2011-01-10 16:18 -------- d-----w- c:\users\IT_Admin\AppData\Local\temp
2011-01-07 20:39 . 2011-01-07 20:39 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Intel
2011-01-07 19:58 . 2011-01-09 23:37 0 ----a-w- c:\users\dcarlson\AppData\Local\Jkuxoqo.bin
2011-01-05 18:21 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66F485B6-5725-434E-AAA5-3540E2DCDA91}\mpengine.dll
2011-01-02 21:09 . 2011-01-02 21:09 -------- d-----w- c:\users\IT_Admin\AppData\Local\Eraser 6
2010-12-31 23:44 . 2010-12-31 23:44 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Malwarebytes
2010-12-31 22:01 . 2010-12-31 22:01 -------- d-----w- c:\users\IT_Admin\AppData\Local\Adobe
2010-12-31 21:54 . 2010-12-31 21:54 -------- d-----w- c:\users\IT_Admin\AppData\Roaming\Apple Computer
2010-12-31 21:53 . 2010-12-31 21:53 -------- d-----w- c:\users\IT_Admin\AppData\Local\Symantec
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\users\dcarlson\AppData\Roaming\Malwarebytes
2010-12-31 17:45 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 17:45 . 2010-12-31 17:45 -------- d-----w- c:\programdata\Malwarebytes
2010-12-31 17:20 . 2010-12-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-31 17:20 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 22:27 . 2010-12-27 22:27 -------- d-----w- c:\program files\Rusys
2010-12-22 18:12 . 2010-12-23 16:11 -------- d-----w- c:\users\dcarlson\AppData\Local\AirportMania2
2010-12-22 18:11 . 2010-12-22 18:11 -------- d-----w- c:\program files\Airport Mania 2 - Wild Trips Premium Edition
2010-12-20 17:07 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-20 17:07 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-20 17:07 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-20 17:07 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-20 17:07 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-20 17:07 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-20 17:07 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-20 17:07 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-20 17:07 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-20 17:07 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-20 17:06 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:04 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 20:26 . 2010-11-04 04:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 20:24 . 2010-11-04 05:48 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-17 20:23 . 2010-11-04 05:52 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-17 20:22 . 2010-11-04 05:48 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2010-12-17 20:21 . 2010-11-04 04:41 386048 ----a-w- c:\windows\system32\html.iec
2010-12-17 20:21 . 2010-11-04 05:48 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2010-12-17 20:19 . 2010-11-04 05:54 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-17 20:15 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 20:14 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 18:23 . 2010-12-17 18:23 -------- d-----w- c:\program files\iPod
2010-12-17 18:06 . 2010-12-17 18:06 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-04 22:17 . 2009-07-13 23:11 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-30 06:42 . 2010-11-22 17:19 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 16:41 . 2009-12-28 01:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:44 . 2006-06-30 01:40 528384 ----a-w- c:\program files\FTPWanderer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-23 115560]
"Eraser "= "c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV "= "c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-12 894312]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
"HideFastUserSwitching "= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentProgForNewUserInStartMenu "= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1 "=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-02 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-05-12 132456]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-08-20 13952]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-10-03 47488]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-05-12 24304]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-28 102448]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [2009-08-20 34944]


--- Other Services/Drivers In Memory ---

*Deregistered* - ugryrpow
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 20:20]

2011-01-10 c:\windows\Tasks\SyncBack C_Drive_Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-03-01 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: att.com\*.teleconference
Trusted Zone: brainshark.com
Trusted Zone: concursolutions.com
Trusted Zone: desktop-shipping.com
Trusted Zone: fidelity.com
Trusted Zone: ge.com\*.gecits
Trusted Zone: hrdpt.com\compucom
Trusted Zone: hrdpt.com\compucomdev
Trusted Zone: ingrammicro.ca
Trusted Zone: ingrammicro.com
Trusted Zone: livemeeting.com
Trusted Zone: medco.com
Trusted Zone: placemeeting.com
Trusted Zone: synnex.ca
Trusted Zone: synnex.com
Trusted Zone: techdata.ca
Trusted Zone: techdata.com
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-10 10:23:33
ComboFix-quarantined-files.txt 2011-01-10 16:23
ComboFix2.txt 2011-01-10 15:56

Pre-Run: 57,619,410,944 bytes free
Post-Run: 57,407,016,960 bytes free

- - End Of File - - 1C60C27193966A18B3A985F304C0EBA1

 

It seems to be running quite a bit better.
I had executed MBAM as well as all of the other scanners from the local admin account.
I logged in as myself (which has a domain account on the corp network and belongs to the local administrators group) and got a popup at login.
There was a problem starting c:\users\dcarlson\appdata\local\I10402.dll
I assume that's because there is a pointer in the registry to a file that combofix or MBAM got rid of.

Here is the first part of the OTL log: (I had to split it and the extras log will also be in another post)

OTL logfile created on: 1/10/2011 11:35:17 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\dcarlson\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 3069 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.85 Gb Total Space | 53.46 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.02 Gb Free Space | 1.09% Space Free | Partition Type: FAT

Computer Name: MB-NW7-174279 | User Name: DCarlson | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
PRC - [2010/12/09 15:01:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/09 15:01:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
PRC - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/07/23 08:17:16 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/07/23 08:17:15 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/07/23 08:17:15 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2010/07/23 08:17:14 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/02/15 07:10:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/02/15 07:10:23 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/01/19 16:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 15:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/15 08:46:48 | 000,976,784 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/18 16:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/07/23 10:33:58 | 005,803,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/12 16:23:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/07/23 08:17:15 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/07/23 08:17:15 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/07/23 08:17:14 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/05/12 02:25:00 | 000,132,456 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 02:25:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/19 16:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/01/19 15:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\IT_Admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/31 19:28:33 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110109.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/31 19:28:33 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110109.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/28 02:11:19 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/08/06 09:41:56 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/23 08:17:17 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/07/23 08:17:17 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/07/23 08:17:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/07/23 08:17:10 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/07/07 17:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/05/26 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/12 02:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 02:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/26 08:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2010/03/01 12:13:44 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/01/13 07:29:56 | 006,628,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/12/03 16:45:24 | 000,230,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/12/02 12:11:04 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/12/02 12:11:02 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/12/02 12:11:02 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/12/02 12:11:02 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/11/12 11:07:52 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/11/12 11:07:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/08/20 10:19:18 | 000,034,944 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\covpnwlh.sys -- (urvpndrv)
DRV - [2009/08/20 10:19:15 | 000,013,952 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urfltwlh.sys -- (f5ipfw)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 16:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 16:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 16:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/18 16:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cpqbttn.sys -- (HBtnKey)
DRV - [2008/12/01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/12 17:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/01/19 05:55:26 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/12/21 12:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 12:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 12:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/03 01:07:00 | 000,047,488 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (RICOH SmartCard Reader)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://thewire.compucom.com/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&t=0|http://images.google.com/|https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH|https://easyweb.tdcanadatrust.com/|https://www.sunnet.sunlife.com/member/signin/index.aspx?|http://advrider.com/forums/|http://www.shapelink.com/en/mydiary|http://www.ntsba.net/ntsba/cgi-bin/yabb2/YaBB.pl|http://www.facebook.com/#!/home.php?sk=lf "
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.4
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 15:01:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 15:01:55 | 000,000,000 | ---D | M]

[2010/02/17 15:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Extensions
[2011/01/07 16:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions
[2010/12/12 16:41:19 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2010/02/18 09:44:12 | 000,000,000 | ---D | M] (IE View) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/07/20 10:46:35 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/10/18 09:08:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/08 23:14:31 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\afom@idevfh
[2010/12/14 09:32:29 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\tineye@ideeinc.com
[2010/02/18 09:38:17 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\weatherwatcherlive@singerscreations.com
[2010/02/17 15:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/06/24 19:38:58 | 001,462,784 | ---- | M] (VideoLAN Team) -- C:\Program Files\Mozilla Firefox\plugins\npgooglevlc.dll

O1 HOSTS File: ([2011/01/10 09:50:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Bmoxopacajuhi] C:\Users\dcarlson\AppData\Local\azozijuqum.DLL File not found
O4 - HKCU..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKCU..\Run: [nBwhGyYIndfV.exe] C:\ProgramData\nBwhGyYIndfV.exe File not found
O4 - HKCU..\Run: [OgFxKQNDTf.exe] C:\ProgramData\OgFxKQNDTf.exe File not found
O4 - HKCU..\Run: [Tbayehudafugaho] C:\Users\dcarlson\AppData\Local\I10402.DLL File not found
O4 - HKCU..\Run: [TQlG2UWyPla] C:\ProgramData\TQlG2UWyPla.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: att.com ([*.teleconference] * in Trusted sites)
O15 - HKLM\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: cmpcext.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([dcf-sp099eca01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([dcf-sp099ecv01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099eca01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099ecv01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099ecw01] http in Local intranet)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: desktop-shipping.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: fidelity.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: fidelity.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ge.com ([*.gecits] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ge.com ([*.gecits] https in Trusted sites)
O15 - HKLM\..Trusted Domains: gecitsolutions.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucom] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucom] https in Trusted sites)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucomdev] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: livemeeting.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: medco.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: medco.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: placemeeting.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.ca ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: att.com ([*.teleconference] * in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cmpcext.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([dcf-sp099eca01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([dcf-sp099ecv01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099eca01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099ecv01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099ecw01] http in Local intranet)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: desktop-shipping.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([*.gecits] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([*.gecits] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gecitsolutions.com ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucom] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucom] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucomdev] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: medco.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: medco.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: placemeeting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.ca ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.com ([]https in Trusted sites)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = compucom.local
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 11:30:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
[2011/01/10 10:23:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/10 10:23:36 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Local\temp
[2011/01/10 10:20:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/10 10:05:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/04 10:15:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/04 10:15:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/04 10:15:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/04 10:14:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/04 10:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/01 00:04:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/31 11:45:35 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Roaming\Malwarebytes
[2010/12/31 11:45:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/31 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/31 11:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/31 11:20:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/31 11:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/31 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Scan
[2010/12/29 10:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2010/12/27 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Rusys
[2010/12/22 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Local\AirportMania2
[2010/12/22 12:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Airport Mania 2 - Wild Trips Premium Edition
[2010/12/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/17 12:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006/06/29 19:40:20 | 000,528,384 | ---- | C] (Pablo Software Solutions) -- C:\Program Files\FTPWanderer.exe
[1 C:\Users\dcarlson\Documents\*.tmp files -> C:\Users\dcarlson\Documents\*.tmp -> ]

 

Second part of OTL log:

========== Files - Modified Within 30 Days ==========

[2011/01/10 11:27:40 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
[2011/01/10 11:06:23 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 11:06:23 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 10:46:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 09:50:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/10 09:24:29 | 000,623,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/10 09:24:29 | 000,106,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/10 09:01:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SyncBack C_Drive_Backup.job
[2011/01/10 09:00:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/09 20:17:52 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/01/09 20:14:32 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 17:38:06 | 000,000,120 | ---- | M] () -- C:\Users\dcarlson\AppData\Local\Gmimiwelo.dat
[2011/01/09 17:37:47 | 000,000,000 | ---- | M] () -- C:\Users\dcarlson\AppData\Local\Jkuxoqo.bin
[2011/01/04 10:00:33 | 329,553,404 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 13:45:59 | 024,412,160 | ---- | M] () -- C:\Users\dcarlson\Documents\My Money.mny
[2011/01/03 13:45:59 | 024,324,271 | R--- | M] () -- C:\Users\dcarlson\Documents\My Money Backup.mbf
[2011/01/01 20:02:31 | 001,811,631 | ---- | M] () -- C:\Users\dcarlson\Desktop\ANABOLIC_AMPLIFIER_EFFECT.pdf
[2010/12/28 13:15:09 | 000,427,670 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101231-103259.backup
[2010/12/28 12:33:15 | 000,050,031 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/28 12:33:15 | 000,001,912 | RHS- | M] () -- C:\Users\dcarlson\ntuser.pol
[2010/12/27 16:27:15 | 000,001,125 | ---- | M] () -- C:\Users\dcarlson\Desktop\DartPro.lnk
[2010/12/22 11:56:21 | 000,427,004 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101227-132039.backup
[2010/12/21 03:20:56 | 000,528,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/16 10:52:45 | 000,426,260 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101217-115827.backup
[2010/12/15 12:55:05 | 000,410,112 | ---- | M] () -- C:\Users\dcarlson\Desktop\Deployment_Timeline & Resource Plan.mpp
[1 C:\Users\dcarlson\Documents\*.tmp files -> C:\Users\dcarlson\Documents\*.tmp -> ]========== Files Created - No Company Name ==========

[2011/01/07 13:58:32 | 000,000,120 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\Gmimiwelo.dat
[2011/01/07 13:58:32 | 000,000,000 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\Jkuxoqo.bin
[2011/01/04 10:15:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/04 10:15:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/04 10:15:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/04 10:15:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/04 10:15:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/04 10:00:33 | 329,553,404 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/01 20:02:28 | 001,811,631 | ---- | C] () -- C:\Users\dcarlson\Desktop\ANABOLIC_AMPLIFIER_EFFECT.pdf
[2010/12/27 16:27:15 | 000,001,125 | ---- | C] () -- C:\Users\dcarlson\Desktop\DartPro.lnk
[2010/12/15 12:55:05 | 000,410,112 | ---- | C] () -- C:\Users\dcarlson\Desktop\Deployment_Timeline & Resource Plan.mpp
[2010/11/22 21:49:05 | 000,007,599 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\Resmon.ResmonCfg
[2010/11/22 11:19:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/01 13:39:33 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/17 09:32:33 | 000,011,264 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 13:13:04 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/03/01 13:04:15 | 000,000,243 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/03/01 13:04:15 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/03/01 13:03:32 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/01 13:01:37 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/02/15 07:50:01 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/15 06:52:23 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/02/15 06:52:08 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/02/15 06:51:05 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2009/12/27 19:04:12 | 000,050,031 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 19:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2010/03/04 11:05:12 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Audacity
[2010/12/03 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Gafe
[2010/02/25 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\ICAClient
[2011/01/03 13:58:15 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\IrfanView
[2010/06/25 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\PLSQL Developer
[2010/10/01 13:41:50 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\PrimoPDF
[2010/02/19 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Qlock
[2010/02/17 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Research In Motion
[2010/04/05 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\ScreenCapturePrint
[2010/12/09 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Tiluv
[2010/03/01 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\TrueCrypt
[2010/02/19 11:48:45 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/06/17 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Update
[2010/05/25 09:13:09 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\WeatherBug
[2010/11/11 13:25:13 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Windows Live Writer
[2010/03/09 10:56:23 | 000,030,938 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/10 09:01:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SyncBack C_Drive_Backup.job

========== Purity Check ==========
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/10 10:23:34 | 000,013,055 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/09 20:14:32 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/27 12:32:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/27 12:32:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/09 20:14:36 | 3218,079,744 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/13 22:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 19:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/12/10 08:24:06 | 000,082,168 | ---- | M] (Microsoft Corporation.) -- C:\Windows\System32\spool\prtprocs\w32x86\lmdippr8.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 19:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/02/19 14:44:21 | 000,528,384 | ---- | M] (Pablo Software Solutions) -- C:\Program Files\FTPWanderer.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/15 11:49:05 | 000,000,221 | -HS- | M] () -- C:\Users\dcarlson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/03/29 12:30:22 | 000,000,014 | ---- | M] () -- C:\Users\dcarlson\sccmscriptrun.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/03 10:19:14 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/01/03 10:19:15 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2011/01/03 10:13:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2011/01/03 10:13:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/13 11:07:59 | 000,000,402 | -HS- | M] () -- C:\Users\dcarlson\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/28 12:33:15 | 000,050,031 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

 

Oops. Posted the second part of the otl log instead of the extras log.
Sorry, here is the right log:

OTL Extras logfile created on: 1/10/2011 11:35:17 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\dcarlson\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 3069 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.85 Gb Total Space | 53.46 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.02 Gb Free Space | 1.09% Space Free | Partition Type: FAT

Computer Name: MB-NW7-174279 | User Name: DCarlson | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\CheckPoint\SecuRemote\bin\SR_GUI.exe:129.189.0.0/16,150.124.0.0/16,161.108.0.0/16,192.0.0.0/8,198.0.0.0/8,199.0.0.0/8:Enabled:SecureClient" = %ProgramFiles%\CheckPoint\SecuRemote\bin\SR_GUI.exe:129.189.0.0/16,150.124.0.0/16,161.108.0.0/16,192.0.0.0/8,198.0.0.0/8,199.0.0.0/8:Enabled:SecureClient -- File not found
"%systemroot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe:*:Enabled:Remote Assistance Outbound" = %systemroot%\PCHealth\HelpCtr\Binaries\HelpSvc.exe:*:Enabled:Remote Assistance Outbound -- File not found
"%SystemRoot%\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS management" = %SystemRoot%\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS management -- File not found
"%systemroot%\system32\sessmgr.exe:*:Enabled:RemoteAssistance" = %systemroot%\system32\sessmgr.exe:*:Enabled:RemoteAssistance -- File not found
"Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%ProgramFiles%\Cisco Systems\Cisco IP Communicator\Communicator.exe:*:enabled:Cisco IP Communicator" = Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%ProgramFiles%\Cisco Systems\Cisco IP Communicator\Communicator.exe:*:enabled:Cisco IP Communicator
"Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%ProgramFiles%\Cisco Systems\Cisco IP SoftPhone\CiscoIPSoftphone.exe:*:Enabled:CiscoIPSoftphone" = Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\%ProgramFiles%\Cisco Systems\Cisco IP SoftPhone\CiscoIPSoftphone.exe:*:Enabled:CiscoIPSoftphone

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:SMS Remote Assistance" = 135:TCP:*:Enabled:SMS Remote Assistance
"1418:TCP:*:Enabled:SMS Admin" = 1418:TCP:*:Enabled:SMS Admin
"2701:TCP:*:Enabled:SMS Allows general contact, reboot, and ping" = 2701:TCP:*:Enabled:SMS Allows general contact, reboot, and ping
"2702:TCP:*:Enabled:SMS Remote Control" = 2702:TCP:*:Enabled:SMS Remote Control
"2967:TCP:*:Enabled:SAV Rtvscan Service" = 2967:TCP:*:Enabled:SAV Rtvscan Service
"2967:UDP:*:Enabled:SAV Intel PDS Service" = 2967:UDP:*:Enabled:SAV Intel PDS Service
"8014:TCP:*:Enabled:Symantec Endpoint" = 8014:TCP:*:Enabled:Symantec Endpoint
"8293:UDP:*:SAV Roaming Client" = 8293:UDP:*:SAV Roaming Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = %systemroot%\pfirewall.log -- File not found
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = %systemroot%\pfirewall.log -- File not found
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C1A21AF-75C5-42A1-89B9-419121336BF5}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FB1A282-D3E3-4DE3-A355-9109E5CF7B3F}_is1" = Airport Mania 2 - Wild Trips Premium Edition version R 593
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49BF098D-5806-45E0-9707-5CE3D8C53D98}" = Service Tracker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi Software
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BC14E9A8-E41F-4345-BAB3-2EC6CC315085}" = Eraser 6.0.6.1376
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}" = AutoSketch Release 9
"{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF49D66D-D2D3-46DA-878B-F0BFC7795276}" = Flip
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition v2.2
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC759F47-D73E-4987-A857-3E6070737453}" = ClarifyCRM 6.0.1.19 Client for Oracle
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.0.2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"CadStd" = CadStd
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Collectorz.com Book Collector" = Collectorz.com Book Collector
"Cool Timer_is1" = Cool Timer 3.6
"CRT 3.0" = Van Dyke Technologies CRT 3.3
"DartPro_is1" = DartPro 2.9.0.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3631 [2010-11-15]
"Formatter Plus V1.4" = Formatter Plus V1.4
"Google Calendar Sync" = Google Calendar Sync
"GoogleVideoViewer" = Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NewsBin5" = NewsBin Pro
"PL/SQL Developer [80687277]" = PL/SQL Developer
"Power Management Driver" = ThinkPad Power Management Driver
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PRJSTD" = Microsoft Office Project Standard 2007
"ProInst" = Intel PROSet Wireless
"Qlock" = Qlock Lite
"QuickPar" = QuickPar 0.9
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = ScreenPrint32 v3.5
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TrueCrypt" = TrueCrypt
"VISSTD" = Microsoft Office Visio Standard 2007
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 1:33:01 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:33:01.409]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.144]

Error - 1/10/2011 1:34:10 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:34:10.415]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.144]

Error - 1/10/2011 1:35:19 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:35:19.420]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.144]

Error - 1/10/2011 1:36:28 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:36:28.425]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.144]

Error - 1/10/2011 1:36:37 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:36:37.955]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

Error - 1/10/2011 1:37:37 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:37:37.430]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

Error - 1/10/2011 1:38:46 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:38:46.493]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

Error - 1/10/2011 1:39:55 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:39:55.498]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

Error - 1/10/2011 1:41:04 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:41:04.503]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

Error - 1/10/2011 1:42:13 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/01/10 11:42:13.508]: [00003936]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[69.43.160.143]

[ OSession Events ]
Error - 5/5/2010 3:57:21 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 442981
seconds with 19860 seconds of active time. This session ended with a crash.

Error - 5/10/2010 10:49:48 AM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 413531
seconds with 7620 seconds of active time. This session ended with a crash.

Error - 6/2/2010 3:05:46 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2596
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 6/11/2010 12:36:48 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 334025
seconds with 11700 seconds of active time. This session ended with a crash.

Error - 7/2/2010 6:18:39 AM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 307704
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 7/23/2010 11:16:43 AM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347849
seconds with 20520 seconds of active time. This session ended with a crash.

Error - 8/25/2010 3:50:07 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 223
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/10/2011 12:07:50 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 12:18:25 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/10/2011 12:26:39 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/10/2011 12:26:40 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/10/2011 12:26:41 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 1/10/2011 12:57:01 PM | Computer Name = MB-NW7-174279.compucom.local | Source = DCOM | ID = 10016
Description =

Error - 1/10/2011 1:27:41 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 1/10/2011 1:29:58 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2011 1:29:59 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2011 1:29:59 PM | Computer Name = MB-NW7-174279.compucom.local | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.


< End of report >

 

The machine started dropping and reconnecting again. I can tell every time because I'm using Outlook via shared cache mode and it senses every time the network connection goes away and displays a popup. Since that's a symptom of TDL, I ran the dds script which is what revealed that possible infection last time.
I have those logs and post them if you want.

 

Here is the log from the OTL fix. I'll post the quick scan log as soon as it completes.
BTW, I got error messages in the JavaRa log about not being able to remove some Firefox stuff even after I killed the Firefox process.
That log follows the OTL fix log.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bmoxopacajuhi deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nBwhGyYIndfV.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OgFxKQNDTf.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tbayehudafugaho deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TQlG2UWyPla deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\dcarlson\Documents\~ofE8A.tmp deleted successfully.
C:\Users\dcarlson\AppData\Local\Gmimiwelo.dat moved successfully.
C:\Users\dcarlson\AppData\Local\Jkuxoqo.bin moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admdswlb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: dcarlson
->Temp folder emptied: 223838 bytes
->Temporary Internet Files folder emptied: 1230809 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 46797282 bytes
->Flash cache emptied: 1673 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IT_Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 589850 bytes
->Flash cache emptied: 434 bytes

User: Public
->Temp folder emptied: 0 bytes

User: wbrownin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67593 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 46638 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: admdswlb
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: dcarlson
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: IT_Admin
->Flash cache emptied: 0 bytes

User: Public

User: wbrownin

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01102011_133136

Files\Folders moved on Reboot...
C:\Users\dcarlson\AppData\Local\Temp\ExchangePerflog_8484fa313ab9df6cdcd6c672.dat moved successfully.
C:\Users\dcarlson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\dcarlson\AppData\Local\Temp\~DFD3BD42EC4B29A2BF.TMP moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0AFC3241-57B9-485F-8B30-B039A8CC9B67}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B2DA536-CB1B-4932-87AA-27D1F27E2B99}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{304D4C4D-6137-4A6E-984F-C42FD81D0488}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8FD30D00-902F-4F21-A740-412B8F487EB2}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A8D16117-A63A-4354-91CA-A34ED3A0F042}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D6513A1A-672B-489E-95F8-D528EAFCCAD1}.tmp moved successfully.
C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F928D5C1-7BC0-4E62-B9A7-A3C405246627}.tmp moved successfully.

Registry entries deleted on Reboot...



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 10 13:27:42 2011

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412061F08

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612061F08

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

 

Here is the quick scan log split in two posts:


OTL logfile created on: 1/10/2011 1:46:41 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\dcarlson\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 3069 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.85 Gb Total Space | 53.28 Gb Free Space | 57.38% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 0.02 Gb Free Space | 1.09% Space Free | Partition Type: FAT

Computer Name: MB-NW7-174279 | User Name: DCarlson | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
PRC - [2010/12/09 15:01:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/09 15:01:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
PRC - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/07/23 08:17:16 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/07/23 08:17:15 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/07/23 08:17:15 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2010/07/23 08:17:14 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/01/19 16:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 15:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/15 08:46:48 | 000,976,784 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/05/18 16:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/07/23 10:33:58 | 005,803,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/12 16:23:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/07/23 08:17:17 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/07/23 08:17:15 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/07/23 08:17:15 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/07/23 08:17:14 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/05/12 02:25:00 | 000,132,456 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 02:25:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/19 16:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/01/19 15:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/10/02 16:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\IT_Admin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/01/10 13:09:11 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110110.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/10 13:09:11 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110110.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/28 02:11:19 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/08/06 09:41:56 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/23 08:17:17 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/07/23 08:17:17 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/07/23 08:17:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/07/23 08:17:10 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/07/07 17:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/05/26 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/12 02:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 02:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/26 08:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2010/03/01 12:13:44 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/01/13 07:29:56 | 006,628,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/12/03 16:45:24 | 000,230,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/12/02 12:11:04 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/12/02 12:11:02 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/12/02 12:11:02 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/12/02 12:11:02 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/11/12 11:07:52 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/11/12 11:07:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/08/20 10:19:18 | 000,034,944 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\covpnwlh.sys -- (urvpndrv)
DRV - [2009/08/20 10:19:15 | 000,013,952 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urfltwlh.sys -- (f5ipfw)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 16:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 16:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 16:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 16:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/18 16:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cpqbttn.sys -- (HBtnKey)
DRV - [2008/12/01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/12 17:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/01/19 05:55:26 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/12/21 12:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 12:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 12:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/03 01:07:00 | 000,047,488 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (RICOH SmartCard Reader)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://thewire.compucom.com/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&t=0|http://images.google.com/|https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH|https://easyweb.tdcanadatrust.com/|https://www.sunnet.sunlife.com/member/signin/index.aspx?|http://advrider.com/forums/|http://www.shapelink.com/en/mydiary|http://www.ntsba.net/ntsba/cgi-bin/yabb2/YaBB.pl|http://www.facebook.com/#!/home.php?sk=lf "
FF - prefs.js..extensions.enabledItems: weatherwatcherlive@singerscreations.com:1.0.13
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.4
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/09 15:01:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 13:20:04 | 000,000,000 | ---D | M]

[2010/02/17 15:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Extensions
[2011/01/10 13:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions
[2010/12/12 16:41:19 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2010/02/18 09:44:12 | 000,000,000 | ---D | M] (IE View) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/07/20 10:46:35 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/10/18 09:08:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/08 23:14:31 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\afom@idevfh
[2010/12/14 09:32:29 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\tineye@ideeinc.com
[2010/02/18 09:38:17 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Users\dcarlson\AppData\Roaming\mozilla\Firefox\Profiles\6u6z38e1.default\extensions\weatherwatcherlive@singerscreations.com
[2011/01/10 13:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/10 13:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/06/24 19:38:58 | 001,462,784 | ---- | M] (VideoLAN Team) -- C:\Program Files\Mozilla Firefox\plugins\npgooglevlc.dll

 

O1 HOSTS File: ([2011/01/10 09:50:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: att.com ([*.teleconference] * in Trusted sites)
O15 - HKLM\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: cmpcext.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.com ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([dcf-sp099eca01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([dcf-sp099ecv01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099eca01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099ecv01] http in Local intranet)
O15 - HKLM\..Trusted Domains: compucom.local ([sp099ecw01] http in Local intranet)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: concursolutions.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: desktop-shipping.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: fidelity.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: fidelity.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ge.com ([*.gecits] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ge.com ([*.gecits] https in Trusted sites)
O15 - HKLM\..Trusted Domains: gecitsolutions.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucom] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucom] https in Trusted sites)
O15 - HKLM\..Trusted Domains: hrdpt.com ([compucomdev] http in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: ingrammicro.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: livemeeting.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: medco.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: medco.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: placemeeting.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: synnex.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.ca ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: techdata.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: att.com ([*.teleconference] * in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cmpcext.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([dcf-sp099eca01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([dcf-sp099ecv01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099eca01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099ecv01] http in Local intranet)
O15 - HKCU\..Trusted Domains: compucom.local ([sp099ecw01] http in Local intranet)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: concursolutions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: desktop-shipping.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([*.gecits] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([*.gecits] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gecitsolutions.com ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucom] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucom] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hrdpt.com ([compucomdev] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ingrammicro.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: medco.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: medco.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: placemeeting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: synnex.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.ca ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: techdata.com ([]https in Trusted sites)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\dcarlson\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = compucom.local
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 13:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/10 13:30:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
[2011/01/10 13:26:50 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\dcarlson\Desktop\JavaRa.exe
[2011/01/10 13:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/10 10:23:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/10 10:23:36 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Local\temp
[2011/01/10 10:20:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/10 10:05:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/04 10:15:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/04 10:15:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/04 10:15:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/04 10:14:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/04 10:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/01 00:04:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/31 11:45:35 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Roaming\Malwarebytes
[2010/12/31 11:45:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/31 11:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/31 11:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/31 11:20:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/31 11:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/31 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Scan
[2010/12/29 10:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2010/12/27 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Rusys
[2010/12/22 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\dcarlson\AppData\Local\AirportMania2
[2010/12/22 12:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Airport Mania 2 - Wild Trips Premium Edition
[2010/12/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/17 12:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006/06/29 19:40:20 | 000,528,384 | ---- | C] (Pablo Software Solutions) -- C:\Program Files\FTPWanderer.exe

========== Files - Modified Within 30 Days ==========

[2011/01/10 13:48:37 | 000,623,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/10 13:48:37 | 000,106,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/10 13:46:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 13:43:17 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/01/10 13:41:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 13:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/10 13:38:04 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 11:27:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dcarlson\Desktop\OTL.exe
[2011/01/10 11:06:23 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 11:06:23 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/10 09:50:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/10 09:01:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SyncBack C_Drive_Backup.job
[2011/01/04 10:00:33 | 329,553,404 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 13:45:59 | 024,412,160 | ---- | M] () -- C:\Users\dcarlson\Documents\My Money.mny
[2011/01/03 13:45:59 | 024,324,271 | R--- | M] () -- C:\Users\dcarlson\Documents\My Money Backup.mbf
[2011/01/01 20:02:31 | 001,811,631 | ---- | M] () -- C:\Users\dcarlson\Desktop\ANABOLIC_AMPLIFIER_EFFECT.pdf
[2010/12/31 11:57:52 | 000,624,128 | ---- | M] () -- C:\Users\dcarlson\Desktop\dds.scr
[2010/12/28 13:15:09 | 000,427,670 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101231-103259.backup
[2010/12/28 12:33:15 | 000,050,031 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/28 12:33:15 | 000,001,912 | RHS- | M] () -- C:\Users\dcarlson\ntuser.pol
[2010/12/27 19:23:50 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\dcarlson\Desktop\JavaRa.exe
[2010/12/27 19:17:14 | 000,299,233 | ---- | M] () -- C:\Users\dcarlson\Desktop\JavaRa.def
[2010/12/27 16:27:15 | 000,001,125 | ---- | M] () -- C:\Users\dcarlson\Desktop\DartPro.lnk
[2010/12/22 11:56:21 | 000,427,004 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101227-132039.backup
[2010/12/21 03:20:56 | 000,528,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/16 10:52:45 | 000,426,260 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101217-115827.backup
[2010/12/15 12:55:05 | 000,410,112 | ---- | M] () -- C:\Users\dcarlson\Desktop\Deployment_Timeline & Resource Plan.mpp

========== Files Created - No Company Name ==========

[2011/01/10 13:26:51 | 000,002,553 | ---- | C] () -- C:\Users\dcarlson\Desktop\Suomi.lng
[2011/01/10 13:26:50 | 000,299,233 | ---- | C] () -- C:\Users\dcarlson\Desktop\JavaRa.def
[2011/01/10 12:18:30 | 000,624,128 | ---- | C] () -- C:\Users\dcarlson\Desktop\dds.scr
[2011/01/04 10:15:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/04 10:15:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/04 10:15:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/04 10:15:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/04 10:15:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/04 10:00:33 | 329,553,404 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/01 20:02:28 | 001,811,631 | ---- | C] () -- C:\Users\dcarlson\Desktop\ANABOLIC_AMPLIFIER_EFFECT.pdf
[2010/12/27 16:27:15 | 000,001,125 | ---- | C] () -- C:\Users\dcarlson\Desktop\DartPro.lnk
[2010/12/15 12:55:05 | 000,410,112 | ---- | C] () -- C:\Users\dcarlson\Desktop\Deployment_Timeline & Resource Plan.mpp
[2010/11/22 21:49:05 | 000,007,599 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\Resmon.ResmonCfg
[2010/11/22 11:19:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/01 13:39:33 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/17 09:32:33 | 000,011,264 | ---- | C] () -- C:\Users\dcarlson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 13:13:04 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/03/01 13:04:15 | 000,000,243 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/03/01 13:04:15 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/03/01 13:03:32 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/01 13:01:37 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/02/15 07:50:01 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/15 06:52:23 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/02/15 06:52:08 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/02/15 06:51:05 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2009/12/27 19:04:12 | 000,050,031 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 19:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 20:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2010/03/04 11:05:12 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Audacity
[2010/12/03 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Gafe
[2010/02/25 08:32:50 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\ICAClient
[2011/01/03 13:58:15 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\IrfanView
[2010/06/25 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\PLSQL Developer
[2010/10/01 13:41:50 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\PrimoPDF
[2010/02/19 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Qlock
[2010/02/17 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Research In Motion
[2010/04/05 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\ScreenCapturePrint
[2010/12/09 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Tiluv
[2010/03/01 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\TrueCrypt
[2010/02/19 11:48:45 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/06/17 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Update
[2010/05/25 09:13:09 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\WeatherBug
[2010/11/11 13:25:13 | 000,000,000 | ---D | M] -- C:\Users\dcarlson\AppData\Roaming\Windows Live Writer
[2010/03/09 10:56:23 | 000,031,188 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/10 09:01:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SyncBack C_Drive_Backup.job

========== Purity Check ==========



< End of report >

 

Here is the DDS log. That second last line is what worries me.


DDS (Ver_10-12-12.02) - NTFSx86
Run by DCarlson at 14:24:54.92 on Mon 01/10/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.656 [GMT -6:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\dcarlson\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://thewire.compucom.com/default.aspx
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [COMMUNICATOR] "c:\program files\microsoft office communicator\Communicator.exe" /silentRetrials /background
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: att.com\*.teleconference
Trusted Zone: brainshark.com
Trusted Zone: concursolutions.com
Trusted Zone: desktop-shipping.com
Trusted Zone: fidelity.com
Trusted Zone: ge.com\*.gecits
Trusted Zone: hrdpt.com\compucom
Trusted Zone: hrdpt.com\compucomdev
Trusted Zone: ingrammicro.ca
Trusted Zone: ingrammicro.com
Trusted Zone: livemeeting.com
Trusted Zone: medco.com
Trusted Zone: placemeeting.com
Trusted Zone: synnex.ca
Trusted Zone: synnex.com
Trusted Zone: techdata.ca
Trusted Zone: techdata.com
Trusted Zone: att.com\*.teleconference
Trusted Zone: brainshark.com
Trusted Zone: concursolutions.com
Trusted Zone: desktop-shipping.com
Trusted Zone: fidelity.com
Trusted Zone: ge.com\*.gecits
Trusted Zone: hrdpt.com\compucom
Trusted Zone: hrdpt.com\compucomdev
Trusted Zone: ingrammicro.ca
Trusted Zone: ingrammicro.com
Trusted Zone: livemeeting.com
Trusted Zone: medco.com
Trusted Zone: placemeeting.com
Trusted Zone: synnex.ca
Trusted Zone: synnex.com
Trusted Zone: techdata.ca
Trusted Zone: techdata.com
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\dcarlson\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\dcarlson\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\dcarlson\appdata\local\temp\f5tmp\urxhost.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\dcarlson\appdata\roaming\mozilla\firefox\profiles\6u6z38e1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0|http://images.google.com/|https://w....pl|http://www.facebook.com/#!/home.php?sk=lf
FF - component: c:\users\dcarlson\appdata\roaming\mozilla\firefox\profiles\6u6z38e1.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgooglevlc.dll
FF - plugin: c:\users\dcarlson\appdata\roaming\mozilla\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-17 24304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-17 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-7-23 1831024]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-31 102448]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2009-8-20 34944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-8-25 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-17 132456]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-12-27 13952]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-6-17 75112]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2006-10-3 47488]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-13 1343400]

=============== Created Last 30 ================

2011-01-10 19:31:36 -------- d-----w- C:\_OTL
2011-01-10 19:20:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-10 19:20:04 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-10 16:23:36 -------- d-----w- c:\users\dcarlson\appdata\local\temp
2011-01-10 16:20:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-05 18:21:02 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{66f485b6-5725-434e-aaa5-3540e2dcda91}\mpengine.dll
2011-01-04 16:15:45 89088 ----a-w- c:\windows\MBR.exe
2011-01-04 16:15:44 256512 ----a-w- c:\windows\PEV.exe
2011-01-04 16:15:44 161792 ----a-w- c:\windows\SWREG.exe
2011-01-04 16:15:43 98816 ----a-w- c:\windows\sed.exe
2010-12-31 17:45:35 -------- d-----w- c:\users\dcarlson\appdata\roaming\Malwarebytes
2010-12-31 17:45:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-31 17:45:24 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-31 17:20:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-31 17:20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 22:27:11 -------- d-----w- c:\program files\Rusys
2010-12-22 18:12:16 -------- d-----w- c:\users\dcarlson\appdata\local\AirportMania2
2010-12-22 18:11:18 -------- d-----w- c:\program files\Airport Mania 2 - Wild Trips Premium Edition
2010-12-20 17:07:52 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-20 17:07:51 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-20 17:07:46 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-20 17:07:46 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-20 17:07:45 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-20 17:07:45 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-20 17:07:44 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-20 17:07:42 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-20 17:07:19 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-20 17:07:02 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-20 17:06:59 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:04:35 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-17 20:26:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 20:24:03 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-17 20:23:14 978944 ----a-w- c:\windows\system32\wininet.dll
2010-12-17 20:22:11 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2010-12-17 20:21:53 386048 ----a-w- c:\windows\system32\html.iec
2010-12-17 20:21:09 860160 ----a-w- c:\program files\internet explorer\iedvtool.dll
2010-12-17 20:19:17 673040 ----a-w- c:\program files\internet explorer\iexplore.exe
2010-12-17 20:15:09 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-17 20:14:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-17 18:23:49 -------- d-----w- c:\program files\iPod
2010-12-17 18:06:02 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-30 06:42:54 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:44:21 528384 ----a-w- c:\program files\FTPWanderer.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: HTS541010G9SA00 rev.MBZIC60R -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x82C48000]<< >>UNKNOWN [0x88C00000]<< >>UNKNOWN [0x88FDB000]<< >>UNKNOWN [0x833A5000]<< >>UNKNOWN [0x82C11000]<< >>UNKNOWN [0x88BD1000]<< >>UNKNOWN [0x88A2E000]<< >>UNKNOWN [0x94EEB000]<< >>UNKNOWN [0x88F68000]<< >>UNKNOWN [0x88EB1000]<< >>UNKNOWN [0x8902D000]<< >>UNKNOWN [0x9763F000]<< >>UNKNOWN [0x94EFD000]<< >>UNKNOWN [0x82005000]<< >>UNKNOWN [0x94FB4000]<< >>UNKNOWN [0x88EA3000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C84458] -> \Device\Harddisk0\DR0[0x85A7EAA0]
\Driver\Disk[0x85A7DC08] -> IRP_MJ_CREATE -> 0x88C0439F
3 [0x88C0459E] -> ntkrnlpa!IofCallDriver[0x82C84458] -> \Device\Ide\IdeDeviceP1T0L0-2[0x8596A908]
\Driver\atapi[0x85992A10] -> IRP_MJ_CREATE -> 0x833BF8C4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 14:27:04.48 ===============

 

Sneaky thing is hiding somewhere.

2011/01/10 15:58:09.0585 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/10 15:58:09.0585 ================================================================================
2011/01/10 15:58:09.0585 SystemInfo:
2011/01/10 15:58:09.0585
2011/01/10 15:58:09.0585 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/10 15:58:09.0585 Product type: Workstation
2011/01/10 15:58:09.0586 ComputerName: MB-NW7-174279
2011/01/10 15:58:09.0590 UserName: DCarlson
2011/01/10 15:58:09.0590 Windows directory: C:\Windows
2011/01/10 15:58:09.0590 System windows directory: C:\Windows
2011/01/10 15:58:09.0590 Processor architecture: Intel x86
2011/01/10 15:58:09.0590 Number of processors: 2
2011/01/10 15:58:09.0590 Page size: 0x1000
2011/01/10 15:58:09.0590 Boot type: Normal boot
2011/01/10 15:58:09.0590 ================================================================================
2011/01/10 15:58:10.0955 Initialize success
2011/01/10 15:58:20.0775 ================================================================================
2011/01/10 15:58:20.0775 Scan started
2011/01/10 15:58:20.0775 Mode: Manual;
2011/01/10 15:58:20.0775 ================================================================================
2011/01/10 15:58:23.0340 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/10 15:58:23.0404 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/10 15:58:23.0489 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/10 15:58:23.0583 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
2011/01/10 15:58:23.0655 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/10 15:58:23.0775 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/10 15:58:23.0831 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/10 15:58:23.0950 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/01/10 15:58:24.0047 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/01/10 15:58:24.0178 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/10 15:58:24.0235 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/01/10 15:58:24.0318 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/10 15:58:24.0366 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/01/10 15:58:24.0410 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/10 15:58:24.0460 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/10 15:58:24.0502 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/10 15:58:24.0550 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/10 15:58:24.0688 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/10 15:58:24.0748 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/10 15:58:24.0818 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/01/10 15:58:24.0918 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/01/10 15:58:24.0968 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/10 15:58:25.0021 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/10 15:58:25.0065 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/10 15:58:25.0349 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/10 15:58:25.0597 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/01/10 15:58:25.0713 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/01/10 15:58:25.0777 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/01/10 15:58:25.0918 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/01/10 15:58:25.0983 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/10 15:58:26.0059 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/10 15:58:26.0107 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/10 15:58:26.0144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/10 15:58:26.0210 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/01/10 15:58:26.0251 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/10 15:58:26.0287 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/10 15:58:26.0332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/10 15:58:26.0462 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/01/10 15:58:26.0497 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/10 15:58:26.0546 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/01/10 15:58:26.0605 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/01/10 15:58:26.0669 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/01/10 15:58:26.0733 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/01/10 15:58:26.0808 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
2011/01/10 15:58:26.0932 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/01/10 15:58:26.0984 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/01/10 15:58:27.0028 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/01/10 15:58:27.0255 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/10 15:58:27.0445 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/10 15:58:27.0508 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/10 15:58:27.0573 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/01/10 15:58:27.0632 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/10 15:58:27.0670 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/10 15:58:27.0723 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/01/10 15:58:27.0781 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/10 15:58:27.0839 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/10 15:58:27.0914 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/10 15:58:28.0062 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/01/10 15:58:28.0162 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
2011/01/10 15:58:28.0235 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/01/10 15:58:28.0448 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/01/10 15:58:28.0506 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/01/10 15:58:28.0620 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
2011/01/10 15:58:28.0738 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/01/10 15:58:28.0804 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/10 15:58:28.0907 e1express (339cbffbbc29580dbc3b235f2fb74f74) C:\Windows\system32\DRIVERS\e1e6232.sys
2011/01/10 15:58:29.0010 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
2011/01/10 15:58:29.0228 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/01/10 15:58:29.0451 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/10 15:58:29.0641 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/10 15:58:29.0733 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/10 15:58:29.0774 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/10 15:58:29.0898 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/01/10 15:58:30.0021 f5ipfw (b4d86204df12e6f650ae04ee4b0c65ec) C:\Windows\system32\drivers\urfltwlh.sys
2011/01/10 15:58:30.0086 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/01/10 15:58:30.0156 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/10 15:58:30.0216 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/01/10 15:58:30.0253 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/01/10 15:58:30.0298 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/10 15:58:30.0354 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/01/10 15:58:30.0424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/01/10 15:58:30.0468 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/10 15:58:30.0538 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
2011/01/10 15:58:30.0641 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
2011/01/10 15:58:30.0707 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/10 15:58:30.0771 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/10 15:58:30.0844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/10 15:58:30.0920 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/01/10 15:58:30.0964 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/10 15:58:31.0015 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/01/10 15:58:31.0134 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/10 15:58:31.0167 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/10 15:58:31.0215 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/10 15:58:31.0259 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/10 15:58:31.0352 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/10 15:58:31.0439 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/10 15:58:31.0556 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/01/10 15:58:31.0699 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/01/10 15:58:31.0793 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/01/10 15:58:31.0852 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/10 15:58:31.0915 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/10 15:58:32.0074 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/10 15:58:32.0152 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/01/10 15:58:32.0235 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/10 15:58:32.0300 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/10 15:58:32.0356 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/10 15:58:32.0410 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/10 15:58:32.0467 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/10 15:58:32.0587 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/01/10 15:58:32.0662 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2011/01/10 15:58:32.0709 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/01/10 15:58:32.0777 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/10 15:58:32.0827 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/10 15:58:32.0891 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/10 15:58:32.0951 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/10 15:58:33.0029 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/10 15:58:33.0126 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/10 15:58:33.0251 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
2011/01/10 15:58:33.0352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/10 15:58:33.0434 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/10 15:58:33.0481 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/10 15:58:33.0524 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/10 15:58:33.0592 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/10 15:58:33.0683 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/01/10 15:58:33.0760 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/01/10 15:58:33.0802 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/10 15:58:33.0850 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/10 15:58:33.0937 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/01/10 15:58:33.0992 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/10 15:58:34.0035 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/10 15:58:34.0072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/10 15:58:34.0148 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/01/10 15:58:34.0191 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/10 15:58:34.0271 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/10 15:58:34.0332 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/01/10 15:58:34.0408 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/10 15:58:34.0458 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/10 15:58:34.0510 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/10 15:58:34.0567 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/10 15:58:34.0614 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/10 15:58:34.0698 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/01/10 15:58:34.0755 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/10 15:58:34.0798 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/10 15:58:34.0871 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/10 15:58:34.0957 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/10 15:58:35.0000 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/01/10 15:58:35.0060 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/01/10 15:58:35.0115 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/10 15:58:35.0153 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/01/10 15:58:35.0185 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/10 15:58:35.0236 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/01/10 15:58:35.0390 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/10 15:58:35.0567 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110110.004\NAVENG.SYS
2011/01/10 15:58:35.0665 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110110.004\NAVEX15.SYS
2011/01/10 15:58:35.0850 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/01/10 15:58:35.0924 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/10 15:58:35.0971 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/10 15:58:36.0015 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/10 15:58:36.0062 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/10 15:58:36.0110 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/01/10 15:58:36.0223 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/10 15:58:36.0277 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/10 15:58:36.0635 netw5v32 (feb745e4669476c8d368f6c1ca7c7442) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/01/10 15:58:36.0981 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/10 15:58:37.0040 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/01/10 15:58:37.0100 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/01/10 15:58:37.0151 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/10 15:58:37.0249 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/01/10 15:58:37.0462 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/01/10 15:58:37.0516 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/01/10 15:58:37.0573 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/10 15:58:37.0626 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/10 15:58:37.0671 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/10 15:58:37.0731 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/10 15:58:37.0845 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/01/10 15:58:37.0889 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/01/10 15:58:37.0996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/01/10 15:58:38.0051 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/01/10 15:58:38.0097 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/10 15:58:38.0250 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/10 15:58:38.0328 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/01/10 15:58:38.0388 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/01/10 15:58:38.0593 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/01/10 15:58:38.0772 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/10 15:58:38.0869 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\Windows\system32\CCM\prepdrv.sys
2011/01/10 15:58:38.0916 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/01/10 15:58:39.0000 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/10 15:58:39.0084 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/01/10 15:58:39.0210 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/10 15:58:39.0356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/10 15:58:39.0418 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/10 15:58:39.0457 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/10 15:58:39.0521 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/10 15:58:39.0600 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/10 15:58:39.0651 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/10 15:58:39.0701 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/10 15:58:39.0755 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/10 15:58:39.0804 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/10 15:58:39.0848 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/10 15:58:39.0973 RDPDISPM (3a3a4c256b91276210d3a2faf019313d) C:\Windows\system32\DRIVERS\rdpdispm.sys
2011/01/10 15:58:40.0032 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/01/10 15:58:40.0085 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/10 15:58:40.0171 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/10 15:58:40.0218 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/01/10 15:58:40.0267 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/01/10 15:58:40.0362 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/01/10 15:58:40.0415 RICOH SmartCard Reader (02585ea3748ca37118400c7b07b21593) C:\Windows\system32\DRIVERS\rismc32.sys
2011/01/10 15:58:40.0532 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/01/10 15:58:40.0618 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/01/10 15:58:40.0708 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/01/10 15:58:40.0860 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/10 15:58:40.0909 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/10 15:58:41.0026 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/10 15:58:41.0070 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/01/10 15:58:41.0116 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/01/10 15:58:41.0235 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/10 15:58:41.0366 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/10 15:58:41.0455 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/10 15:58:41.0524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/10 15:58:41.0607 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/10 15:58:41.0650 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/01/10 15:58:41.0701 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/10 15:58:41.0795 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/10 15:58:41.0886 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/10 15:58:41.0958 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/10 15:58:42.0023 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/10 15:58:42.0086 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/01/10 15:58:42.0152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/10 15:58:42.0198 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/10 15:58:42.0247 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/01/10 15:58:42.0485 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/01/10 15:58:42.0595 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/01/10 15:58:42.0712 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\Windows\system32\Drivers\SRTSP.SYS
2011/01/10 15:58:42.0773 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/01/10 15:58:42.0835 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/01/10 15:58:42.0915 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/10 15:58:42.0976 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/10 15:58:43.0100 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/01/10 15:58:43.0192 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/01/10 15:58:43.0284 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/01/10 15:58:43.0451 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/10 15:58:43.0550 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/10 15:58:43.0623 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2011/01/10 15:58:43.0688 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/10 15:58:43.0743 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/10 15:58:43.0783 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/10 15:58:43.0866 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/01/10 15:58:43.0949 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/10 15:58:44.0160 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/01/10 15:58:44.0266 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/10 15:58:44.0342 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/10 15:58:44.0409 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/01/10 15:58:44.0458 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/01/10 15:58:44.0554 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/10 15:58:44.0599 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/10 15:58:44.0679 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/01/10 15:58:44.0747 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
2011/01/10 15:58:44.0860 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/01/10 15:58:44.0956 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/10 15:58:45.0057 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/10 15:58:45.0101 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/10 15:58:45.0161 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/10 15:58:45.0264 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/10 15:58:45.0356 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/10 15:58:45.0408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/10 15:58:45.0510 urvpndrv (9ac4ee7e86a78d8f949e72116226f531) C:\Windows\system32\DRIVERS\covpnwlh.sys
2011/01/10 15:58:45.0604 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/10 15:58:45.0722 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/10 15:58:45.0786 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/10 15:58:45.0835 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/10 15:58:45.0886 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/10 15:58:45.0934 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/10 15:58:45.0989 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/10 15:58:46.0035 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/10 15:58:46.0076 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/10 15:58:46.0178 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/01/10 15:58:46.0323 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/10 15:58:46.0382 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/10 15:58:46.0428 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/01/10 15:58:46.0490 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/10 15:58:46.0547 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/01/10 15:58:46.0583 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/01/10 15:58:46.0632 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/10 15:58:46.0682 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/10 15:58:46.0744 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/10 15:58:46.0797 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/10 15:58:46.0846 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/01/10 15:58:46.0967 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/10 15:58:47.0034 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/10 15:58:47.0097 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/01/10 15:58:47.0178 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/10 15:58:47.0236 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/10 15:58:47.0267 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/10 15:58:47.0383 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/01/10 15:58:47.0442 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/10 15:58:47.0596 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/10 15:58:47.0728 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/01/10 15:58:48.0016 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/01/10 15:58:48.0190 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/01/10 15:58:48.0373 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/10 15:58:48.0479 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/10 15:58:48.0581 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/01/10 15:58:48.0625 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/10 15:58:48.0723 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/01/10 15:58:50.0219 ================================================================================
2011/01/10 15:58:50.0219 Scan finished
2011/01/10 15:58:50.0219 ================================================================================

 

I'm going to reboot and log in as the local admin and run it and see what I get for results.

 

Ok, I ran as the local admin and the result was the same as above. No identified infections found.
When I first started this process before New Years on malwarebytes.org, it did find something in one of the driver files which it said it cleaned. It appears it has now more successfully hidden itself elsewhere.