TechSpot

Another case of System Check malware

By bdawkins94
Jan 26, 2012
  1. Hello,

    I was recently affected by the System Check malware and have followed your instructions for steps 1-5.

    Here are the log files:

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.25.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Brent :: VYNAMIC040 [administrator]

    Protection: Enabled

    1/25/2012 2:54:49 PM
    mbam-log-2012-01-25 (14-54-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217681
    Time elapsed: 1 hour(s), 10 minute(s), 33 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\vjFDrMidYFj.exe (Trojan.FakeAlert) -> 5040 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vjFDrMidYFj.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vjFDrMidYFj.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\vjFDrMidYFj.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\users\brent\appdata\roaming\ac6c4\777ee.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

    (end)
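Two things in the Malwarebytes log above deserve a closer look than the "successfully" wording suggests. First, C:\Windows\System32\drivers\afd.sys and its service key HKLM\SYSTEM\CurrentControlSet\Services\AFD were quarantined and deleted: afd.sys is Windows' own Ancillary Function Driver for Winsock, so when a rootkit patches it the clean driver has to be put back (sfc /scannow or a known-good copy), not simply left missing, or TCP/IP networking stops working after the reboot. Second, the Run-key entry and the "Delete on reboot" action mean the dropper is still on disk until the restart. The script below is an added example, not code from this thread or from Malwarebytes or DDS; it runs a few triage rules over log lines in both formats posted here. The rule names, the notes they emit and the SAMPLE_LOG text (a handful of lines copied from the two logs in the thread) are constructed for the example.

```python
"""Triage helper for Malwarebytes and DDS/HijackThis-style log lines.

Added example, not code from the TechSpot thread or from Malwarebytes/DDS.
Rule names, notes and SAMPLE_LOG are constructed assumptions built from the
logs posted in the thread, not a product's own format specification.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the two logs in the thread.
SAMPLE_LOG = r"""
C:\ProgramData\vjFDrMidYFj.exe (Trojan.FakeAlert) -> 5040 -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vjFDrMidYFj.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vjFDrMidYFj.exe -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\users\brent\appdata\roaming\ac6c4\777ee.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.
uInternet Settings,ProxyServer = http=127.0.0.1:59616
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
mPolicies-system: EnableLUA = 0 (0x0)
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
2012-01-25 15:52:48 351992 ---ha-w- c:\programdata\oTEgArsEo7ELIu.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    note: str


# A file under %SystemRoot%\System32 was deleted by the scanner: that is a
# Windows component (afd.sys is the Winsock Ancillary Function Driver) and
# must be replaced with a clean copy, not left missing.
SYSTEM_FILE_RE = re.compile(r"(?i)\\windows\\system32\\\S+.*deleted")
# Service registration removed from HKLM\SYSTEM\...\Services\<name>.
SERVICE_KEY_RE = re.compile(r"(?i)\\services\\(\w+).*deleted")
# Action deferred to restart: the file is still on disk until then.
REBOOT_RE = re.compile(r"(?i)delete on reboot")
# IE (ProxyServer) or Firefox (network.proxy.http) pointed at loopback.
LOCAL_PROXY_RE = re.compile(r"(?i)(proxyserver\s*=.*127\.0\.0\.1|network\.proxy\.http - 127\.0\.0\.1)")
PORT_RE = re.compile(r"127\.0\.0\.1:(\d+)")
# Run-key entries in MBAM ("\Run|") and DDS (uRun:/mRun:/dRun:) form.
AUTORUN_RE = re.compile(r"(?i)(\\run\||^[umd]run:)")
DATA_DIR_RE = re.compile(r"(?i)\\(programdata|appdata)\\")
UAC_RE = re.compile(r"(?i)EnableLUA\s*=\s*0\b")
# DDS "Created Last 30" line: date time size attributes path.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} +\d+ +(\S+) +(.+)$")


def triage_line(line: str) -> list[Finding]:
    """Apply every rule to one log line; a line may yield several findings."""
    out = []
    if SYSTEM_FILE_RE.search(line):
        out.append(Finding("SYSTEM_FILE_REMOVED", line,
                           "Windows component deleted; restore a clean copy (sfc /scannow or known-good media)"))
    m = SERVICE_KEY_RE.search(line)
    if m:
        out.append(Finding("SERVICE_KEY_REMOVED", line,
                           f"service '{m.group(1)}' unregistered; re-create it together with its clean binary"))
    if REBOOT_RE.search(line):
        out.append(Finding("REBOOT_PENDING", line, "removal is not complete until the machine restarts"))
    if LOCAL_PROXY_RE.search(line):
        port = PORT_RE.search(line)
        where = f"port {port.group(1)}" if port else "unspecified port"
        out.append(Finding("LOCAL_PROXY", line,
                           f"browser traffic routed through a loopback listener ({where}); clear after cleanup"))
    if AUTORUN_RE.search(line) and DATA_DIR_RE.search(line):
        out.append(Finding("AUTORUN_FROM_DATA_DIR", line,
                           "autorun from a user-writable data directory; verify the binary"))
    if UAC_RE.search(line):
        out.append(Finding("UAC_DISABLED", line, "EnableLUA=0: UAC is off, admin processes run fully elevated"))
    m = CREATED_RE.match(line)
    if m and "h" in m.group(1) and m.group(2).lower().endswith(".exe") \
            and "\\programdata\\" in m.group(2).lower():
        out.append(Finding("HIDDEN_EXE_IN_PROGRAMDATA", line,
                           "hidden executable dropped directly into ProgramData"))
    return out


def triage(text: str) -> list[Finding]:
    """Run the rules over every non-empty line, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'LOCAL_PROXY': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule}] {f.note}\n    {f.line}")
    print(summarize(hits))
```

On the sample it raises eight findings; the two LOCAL_PROXY hits (IE and Firefox both pointed at 127.0.0.1, the IE one naming port 59616) are worth checking after any rogue-AV cleanup, because the scanner removes the binary but usually leaves the proxy setting behind and the browser then fails to load pages. The AUTORUN_FROM_DATA_DIR rule deliberately flags for review rather than judging: legitimate updaters also run from AppData, so the path alone is not a verdict.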
     
  2. bdawkins94

    Logs too large

    ============== Running Processes ===============

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
    C:\Windows\System32\svchost.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\LTSVC\LTSVC.exe
    C:\Windows\LTSvc\LTSvcMon.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\SAgent4.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\net.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe
    C:\Users\Brent\Desktop\gmer.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uLocal Page = c:\windows\system32\blank.htm
    uSearch Page = hxxp://www.google.com
    uStart Page = https://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    uInternet Settings,ProxyServer = http=127.0.0.1:59616
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110913132222.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S10FF.tmp" /EF "HKCU"
    uRun: [{E8951905-B0E2-46E3-8881-5C20EAE8B00B}] c:\windows\system32\msiexec.exe /cmdloc "hkcu\software\gpscraper.com aitemp\{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"
    uRun: [Google Update] "c:\users\brent\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [Akamai NetSession Interface] "c:\users\brent\appdata\local\akamai\netsession_win.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [EasyMessage] c:\program files\easy message\em2.exe
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: apptix.net\mail
    Trusted Zone: collaborationhost.com\vynamic
    Trusted Zone: localima.org\www
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Trusted Zone: tgelite.com\labtech
    DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED} : DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\249627B64616C65602055726C69636 : DhcpNameServer = 192.168.3.1
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\D697071627B6 : DhcpNameServer = 192.168.16.2
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    SubSystems: Windows = winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59616
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\brent\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\users\brent\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\brent\appdata\roaming\Move Networks
    FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2012-01-25 20:17:13 851 ----a-w- c:\programdata\yibrfaa.tmp
    2012-01-25 20:17:07 854 ----a-w- c:\programdata\xibrfaa.tmp
    2012-01-25 20:17:02 791 ----a-w- c:\programdata\wibrfaa.tmp
    2012-01-25 20:16:57 847 ----a-w- c:\programdata\vibrfaa.tmp
    2012-01-25 20:14:13 829 ----a-w- c:\programdata\rekuaaa.tmp
    2012-01-25 20:09:18 838 ----a-w- c:\programdata\bdfqaaa.tmp
    2012-01-25 20:08:45 818 ----a-w- c:\programdata\cdfqaaa.tmp
    2012-01-25 20:08:12 808 ----a-w- c:\programdata\ckjlaaa.tmp
    2012-01-25 20:04:12 850 ----a-w- c:\programdata\zcfqaaa.tmp
    2012-01-25 20:01:55 839 ----a-w- c:\programdata\bkjlaaa.tmp
    2012-01-25 19:53:32 -------- d-----w- c:\users\brent\appdata\roaming\Malwarebytes
    2012-01-25 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50:08 135781 ---ha-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-25 19:50:08 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
    2012-01-25 19:50:08 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
    2012-01-25 19:21:36 896 ----a-w- c:\programdata\dkjlaaa.tmp
    2012-01-25 19:21:34 829 ----a-w- c:\programdata\adfqaaa.tmp
    2012-01-25 19:21:24 831 ----a-w- c:\programdata\ycfqaaa.tmp
    2012-01-25 19:21:21 880 ----a-w- c:\programdata\akjlaaa.tmp
    2012-01-25 19:20:41 836 ----a-w- c:\programdata\ekjlaaa.tmp
    2012-01-25 15:52:48 351992 ---ha-w- c:\programdata\oTEgArsEo7ELIu.exe
    2012-01-25 15:27:44 818 ---ha-w- c:\programdata\zqeliaa.tmp
    2012-01-25 15:10:19 814 ---ha-w- c:\programdata\breliaa.tmp
    2012-01-25 14:48:30 834 ---ha-w- c:\programdata\mdcagaa.tmp
    2012-01-25 14:40:13 797 ---ha-w- c:\programdata\kdcagaa.tmp
    2012-01-25 14:39:33 819 ---ha-w- c:\programdata\odcagaa.tmp
    2012-01-25 14:39:28 826 ---ha-w- c:\programdata\ndcagaa.tmp
    2012-01-25 14:39:18 850 ---ha-w- c:\programdata\ldcagaa.tmp
    2012-01-25 13:47:27 873 ---ha-w- c:\programdata\yqeliaa.tmp
    2012-01-25 13:15:17 807 ---ha-w- c:\programdata\areliaa.tmp
    2012-01-25 12:40:33 831 ---ha-w- c:\programdata\kpeikaa.tmp
    2012-01-25 12:39:53 849 ---ha-w- c:\programdata\opeikaa.tmp
    2012-01-25 12:39:53 831 ---ha-w- c:\programdata\npeikaa.tmp
    2012-01-25 12:39:45 849 ---ha-w- c:\programdata\mpeikaa.tmp
    2012-01-25 12:39:39 835 ---ha-w- c:\programdata\lpeikaa.tmp
    2012-01-25 04:50:52 845 ---ha-w- c:\programdata\creliaa.tmp
    2012-01-25 04:05:59 912 ---ha-w- c:\programdata\cvgveaa.tmp
    2012-01-25 04:05:54 812 ---ha-w- c:\programdata\bvgveaa.tmp
    2012-01-25 04:05:49 824 ---ha-w- c:\programdata\avgveaa.tmp
    2012-01-25 04:05:44 848 ---ha-w- c:\programdata\zugveaa.tmp
    2012-01-25 03:51:51 802 ---ha-w- c:\programdata\gdcjiaa.tmp
    2012-01-25 03:51:46 813 ---ha-w- c:\programdata\fdcjiaa.tmp
    2012-01-25 03:51:41 886 ---ha-w- c:\programdata\edcjiaa.tmp
    2012-01-25 03:51:36 814 ---ha-w- c:\programdata\ddcjiaa.tmp
    2012-01-25 03:26:30 833 ---ha-w- c:\programdata\qobmaaa.tmp
    2012-01-25 03:12:16 842 ---ha-w- c:\programdata\tobmaaa.tmp
    2012-01-25 02:43:24 865 ---ha-w- c:\programdata\iqgqaaa.tmp
    2012-01-25 02:42:44 805 ---ha-w- c:\programdata\mqgqaaa.tmp
    2012-01-25 02:42:39 842 ---ha-w- c:\programdata\lqgqaaa.tmp
    2012-01-25 02:42:34 843 ---ha-w- c:\programdata\kqgqaaa.tmp
    2012-01-25 02:42:31 813 ---ha-w- c:\programdata\uobmaaa.tmp
    2012-01-25 02:42:29 852 ---ha-w- c:\programdata\jqgqaaa.tmp
    2012-01-25 02:42:21 823 ---ha-w- c:\programdata\sobmaaa.tmp
    2012-01-25 02:42:19 865 ---ha-w- c:\programdata\robmaaa.tmp
    2012-01-25 02:33:42 817 ---ha-w- c:\programdata\iynlaaa.tmp
    2012-01-25 02:33:34 831 ---ha-w- c:\programdata\bwdpaaa.tmp
    2012-01-25 02:33:10 831 ---ha-w- c:\programdata\szxzeaa.tmp
    2012-01-25 02:32:08 855 ---ha-w- c:\programdata\tzxzeaa.tmp
    2012-01-25 02:29:26 829 ---ha-w- c:\programdata\hynlaaa.tmp
    2012-01-25 02:22:56 831 ---ha-w- c:\programdata\gynlaaa.tmp
    2012-01-25 02:17:25 919 ---ha-w- c:\programdata\dwdpaaa.tmp
    2012-01-25 02:10:54 858 ---ha-w- c:\programdata\wzxzeaa.tmp
    2012-01-25 01:48:49 831 ---ha-w- c:\programdata\uzxzeaa.tmp
    2012-01-25 01:26:10 857 ---ha-w- c:\programdata\eynlaaa.tmp
    2012-01-25 00:56:20 837 ---ha-w- c:\programdata\edwbfba.tmp
    2012-01-25 00:56:15 850 ---ha-w- c:\programdata\ddwbfba.tmp
    2012-01-25 00:52:05 838 ---ha-w- c:\programdata\aopxeba.tmp
    2012-01-25 00:51:34 854 ---ha-w- c:\programdata\eopxeba.tmp
    2012-01-25 00:51:26 832 ---ha-w- c:\programdata\dopxeba.tmp
    2012-01-25 00:51:16 790 ---ha-w- c:\programdata\copxeba.tmp
    2012-01-25 00:51:10 835 ---ha-w- c:\programdata\bopxeba.tmp
    2012-01-25 00:43:07 830 ---ha-w- c:\programdata\ewdpaaa.tmp
    2012-01-24 22:59:23 849 ---ha-w- c:\programdata\qcaozaa.tmp
    2012-01-24 22:58:14 829 ---ha-w- c:\programdata\ncaozaa.tmp
    2012-01-24 22:51:09 811 ---ha-w- c:\programdata\pcaozaa.tmp
    2012-01-24 22:50:54 823 ---ha-w- c:\programdata\mcaozaa.tmp
    2012-01-24 22:50:04 833 ---ha-w- c:\programdata\ocaozaa.tmp
    2012-01-24 21:23:03 851 ---ha-w- c:\programdata\mwatuaa.tmp
    2012-01-24 21:22:23 848 ---ha-w- c:\programdata\qwatuaa.tmp
    2012-01-24 21:22:18 839 ---ha-w- c:\programdata\pwatuaa.tmp
    2012-01-24 21:22:13 859 ---ha-w- c:\programdata\owatuaa.tmp
    2012-01-24 21:22:08 789 ---ha-w- c:\programdata\nwatuaa.tmp
    2012-01-24 20:50:28 861 ---ha-w- c:\programdata\snzbpaa.tmp
    2012-01-24 20:49:48 876 ---ha-w- c:\programdata\wnzbpaa.tmp
    2012-01-24 20:49:43 859 ---ha-w- c:\programdata\vnzbpaa.tmp
    2012-01-24 20:49:38 833 ---ha-w- c:\programdata\unzbpaa.tmp
    2012-01-24 20:49:33 865 ---ha-w- c:\programdata\tnzbpaa.tmp
    2012-01-24 18:49:51 830 ---ha-w- c:\programdata\mwoamaa.tmp
    2012-01-24 18:49:15 841 ---ha-w- c:\programdata\qwoamaa.tmp
    2012-01-24 18:49:10 830 ---ha-w- c:\programdata\pwoamaa.tmp
    2012-01-24 18:49:04 862 ---ha-w- c:\programdata\owoamaa.tmp
    2012-01-24 18:48:56 895 ---ha-w- c:\programdata\nwoamaa.tmp
    2012-01-24 17:21:39 887 ---ha-w- c:\programdata\fynlaaa.tmp
    2012-01-24 16:49:51 804 ---ha-w- c:\programdata\sdywnaa.tmp
    2012-01-24 16:49:11 822 ---ha-w- c:\programdata\wdywnaa.tmp
    2012-01-24 16:49:06 796 ---ha-w- c:\programdata\vdywnaa.tmp
    2012-01-24 16:49:01 841 ---ha-w- c:\programdata\udywnaa.tmp
    2012-01-24 16:48:56 849 ---ha-w- c:\programdata\tdywnaa.tmp
    2012-01-24 14:50:58 830 ---ha-w- c:\programdata\ecdikaa.tmp
    2012-01-24 14:49:37 824 ---ha-w- c:\programdata\acdikaa.tmp
    2012-01-24 14:48:52 886 ---ha-w- c:\programdata\dcdikaa.tmp
    2012-01-24 14:48:48 894 ---ha-w- c:\programdata\ccdikaa.tmp
    2012-01-24 14:48:43 837 ---ha-w- c:\programdata\bcdikaa.tmp
    2012-01-24 13:55:46 903 ---ha-w- c:\programdata\awdpaaa.tmp
    2012-01-24 13:55:46 842 ---ha-w- c:\programdata\cwdpaaa.tmp
    2012-01-24 13:28:56 793 ---ha-w- c:\programdata\fnvlaaa.tmp
    2012-01-24 13:28:50 815 ---ha-w- c:\programdata\lqijlba.tmp
    2012-01-24 13:28:49 858 ---ha-w- c:\programdata\wzspaaa.tmp
    2012-01-24 13:28:46 869 ---ha-w- c:\programdata\kqijlba.tmp
    2012-01-24 13:28:40 845 ---ha-w- c:\programdata\jqijlba.tmp
    2012-01-24 13:28:17 857 ---ha-w- c:\programdata\dnvlaaa.tmp
    2012-01-24 13:28:02 854 ---ha-w- c:\programdata\xzspaaa.tmp
    2012-01-24 13:27:57 858 ---ha-w- c:\programdata\zzspaaa.tmp
    2012-01-24 13:27:09 811 ---ha-w- c:\programdata\nlizfaa.tmp
    2012-01-24 13:23:51 830 ---ha-w- c:\programdata\mqijlba.tmp
    2012-01-24 13:22:59 841 ---ha-w- c:\programdata\llizfaa.tmp
    2012-01-24 13:22:42 825 ---ha-w- c:\programdata\aatpaaa.tmp
    2012-01-24 13:14:27 870 ---ha-w- c:\programdata\iqijlba.tmp
    2012-01-24 13:12:26 893 ---ha-w- c:\programdata\gnvlaaa.tmp
    2012-01-24 13:10:22 825 ---ha-w- c:\programdata\yzspaaa.tmp
    2012-01-24 13:01:56 875 ---ha-w- c:\programdata\klizfaa.tmp
    2012-01-24 12:36:15 889 ---ha-w- c:\programdata\envlaaa.tmp
    2012-01-24 12:28:36 806 ---ha-w- c:\programdata\obarbba.tmp
    2012-01-24 12:28:06 832 ---ha-w- c:\programdata\sbarbba.tmp
    2012-01-24 12:28:05 817 ---ha-w- c:\programdata\qbarbba.tmp
    2012-01-24 12:28:05 815 ---ha-w- c:\programdata\rbarbba.tmp
    2012-01-24 12:27:46 840 ---ha-w- c:\programdata\pbarbba.tmp
    2012-01-24 12:22:01 807 ---ha-w- c:\programdata\mlizfaa.tmp
    2012-01-24 11:36:59 839 ---ha-w- c:\programdata\ktgepba.tmp
    2012-01-24 11:36:09 865 ---ha-w- c:\programdata\mtgepba.tmp
    2012-01-24 11:36:05 857 ---ha-w- c:\programdata\ltgepba.tmp
    2012-01-24 11:29:29 867 ---ha-w- c:\programdata\wjwnmba.tmp
    2012-01-24 11:28:49 836 ---ha-w- c:\programdata\akwnmba.tmp
    2012-01-24 11:28:45 858 ---ha-w- c:\programdata\zjwnmba.tmp
    2012-01-24 11:28:41 845 ---ha-w- c:\programdata\yjwnmba.tmp
    2012-01-24 11:28:34 837 ---ha-w- c:\programdata\xjwnmba.tmp
    2012-01-24 11:21:41 806 ---ha-w- c:\programdata\mechrba.tmp
    2012-01-24 11:21:35 839 ---ha-w- c:\programdata\lechrba.tmp
    2012-01-24 11:21:30 799 ---ha-w- c:\programdata\kechrba.tmp
    2012-01-24 11:21:24 827 ---ha-w- c:\programdata\jechrba.tmp
    2012-01-24 10:35:37 830 ---ha-w- c:\programdata\itvdqba.tmp
    2012-01-24 10:35:32 872 ---ha-w- c:\programdata\htvdqba.tmp
    2012-01-24 10:35:28 899 ---ha-w- c:\programdata\gtvdqba.tmp
    2012-01-24 10:35:25 847 ---ha-w- c:\programdata\ktvdqba.tmp
    2012-01-24 10:34:41 843 ---ha-w- c:\programdata\jtvdqba.tmp
    2012-01-24 09:48:54 819 ---ha-w- c:\programdata\excamba.tmp
    2012-01-24 09:48:49 842 ---ha-w- c:\programdata\dxcamba.tmp
    2012-01-24 09:48:44 875 ---ha-w- c:\programdata\cxcamba.tmp
    2012-01-24 09:47:59 863 ---ha-w- c:\programdata\fxcamba.tmp
    2012-01-24 09:27:30 834 ---ha-w- c:\programdata\aybydaa.tmp
    2012-01-24 09:27:25 876 ---ha-w- c:\programdata\zxbydaa.tmp
    2012-01-24 09:27:20 863 ---ha-w- c:\programdata\yxbydaa.tmp
    2012-01-24 09:27:15 850 ---ha-w- c:\programdata\xxbydaa.tmp
    2012-01-24 07:20:46 887 ---ha-w- c:\programdata\glbdkba.tmp
    2012-01-24 07:19:05 848 ---ha-w- c:\programdata\klbdkba.tmp
    2012-01-24 07:19:01 819 ---ha-w- c:\programdata\jlbdkba.tmp
    2012-01-24 07:18:56 841 ---ha-w- c:\programdata\ilbdkba.tmp
    2012-01-24 07:18:50 820 ---ha-w- c:\programdata\hlbdkba.tmp
    2012-01-24 05:28:47 802 ---ha-w- c:\programdata\olizfaa.tmp
    2012-01-24 04:25:09 815 ---ha-w- c:\programdata\ttkrxaa.tmp
    2012-01-24 03:48:56 818 ---ha-w- c:\programdata\igvhlba.tmp
    2012-01-24 03:46:15 828 ---ha-w- c:\programdata\mgvhlba.tmp
    2012-01-24 03:46:10 820 ---ha-w- c:\programdata\lgvhlba.tmp
    2012-01-24 03:46:05 848 ---ha-w- c:\programdata\kgvhlba.tmp
    2012-01-24 03:46:00 829 ---ha-w- c:\programdata\jgvhlba.tmp
    2012-01-24 01:54:31 825 ---ha-w- c:\programdata\yenajba.tmp
    2012-01-24 01:54:20 807 ---ha-w- c:\programdata\wenajba.tmp
    2012-01-24 01:47:04 820 ---ha-w- c:\programdata\uenajba.tmp
    2012-01-24 01:46:19 863 ---ha-w- c:\programdata\xenajba.tmp
    2012-01-23 23:47:53 857 ---ha-w- c:\programdata\whppcba.tmp
    2012-01-23 23:47:13 826 ---ha-w- c:\programdata\aippcba.tmp
    2012-01-23 23:46:58 845 ---ha-w- c:\programdata\xhppcba.tmp
    2012-01-23 23:46:08 854 ---ha-w- c:\programdata\zhppcba.tmp
    2012-01-23 23:46:03 832 ---ha-w- c:\programdata\yhppcba.tmp
    2012-01-23 21:46:34 844 ---ha-w- c:\programdata\uefavaa.tmp
    2012-01-23 21:45:54 838 ---ha-w- c:\programdata\yefavaa.tmp
    2012-01-23 21:45:50 844 ---ha-w- c:\programdata\xefavaa.tmp
    2012-01-23 21:45:44 847 ---ha-w- c:\programdata\wefavaa.tmp
    2012-01-23 21:45:42 815 ---ha-w- c:\programdata\vefavaa.tmp
    2012-01-23 20:49:21 851 ---ha-w- c:\programdata\yepnwaa.tmp
    2012-01-23 20:49:16 886 ---ha-w- c:\programdata\xepnwaa.tmp
    2012-01-23 20:49:11 822 ---ha-w- c:\programdata\wepnwaa.tmp
    2012-01-23 20:49:06 837 ---ha-w- c:\programdata\vepnwaa.tmp
    2012-01-23 20:48:49 800 ---ha-w- c:\programdata\cnvlaaa.tmp
    2012-01-23 19:46:16 840 ---ha-w- c:\programdata\ovgxoaa.tmp
    2012-01-23 19:45:36 796 ---ha-w- c:\programdata\svgxoaa.tmp
    2012-01-23 19:45:31 834 ---ha-w- c:\programdata\rvgxoaa.tmp
    2012-01-23 19:45:26 897 ---ha-w- c:\programdata\qvgxoaa.tmp
    2012-01-23 19:45:21 836 ---ha-w- c:\programdata\pvgxoaa.tmp
    2012-01-23 17:47:48 821 ---ha-w- c:\programdata\iegjnaa.tmp
    2012-01-23 17:45:08 851 ---ha-w- c:\programdata\megjnaa.tmp
    2012-01-23 17:45:03 840 ---ha-w- c:\programdata\legjnaa.tmp
    2012-01-23 17:44:59 840 ---ha-w- c:\programdata\kegjnaa.tmp
    2012-01-23 17:44:54 820 ---ha-w- c:\programdata\jegjnaa.tmp
    2012-01-23 15:45:47 837 ---ha-w- c:\programdata\iqqbhaa.tmp
    2012-01-23 15:45:07 831 ---ha-w- c:\programdata\mqqbhaa.tmp
    2012-01-23 15:45:02 826 ---ha-w- c:\programdata\lqqbhaa.tmp
    2012-01-23 15:44:57 838 ---ha-w- c:\programdata\kqqbhaa.tmp
    2012-01-23 15:44:52 858 ---ha-w- c:\programdata\jqqbhaa.tmp
    2012-01-23 14:10:52 841 ---ha-w- c:\programdata\oxsloaa.tmp
    2012-01-23 12:55:47 819 ---ha-w- c:\programdata\jnupaaa.tmp
    2012-01-23 12:52:59 892 ---ha-w- c:\programdata\kxsloaa.tmp
    2012-01-23 12:52:14 847 ---ha-w- c:\programdata\nxsloaa.tmp
    2012-01-23 12:52:09 828 ---ha-w- c:\programdata\mxsloaa.tmp
    2012-01-23 12:52:04 858 ---ha-w- c:\programdata\lxsloaa.tmp
    2012-01-23 12:45:14 844 ---ha-w- c:\programdata\knupaaa.tmp
    2012-01-23 12:38:09 869 ---ha-w- c:\programdata\pepefaa.tmp
    2012-01-23 12:35:56 836 ---ha-w- c:\programdata\szrsbba.tmp
    2012-01-23 12:35:16 800 ---ha-w- c:\programdata\wzrsbba.tmp
    2012-01-23 12:35:11 855 ---ha-w- c:\programdata\vzrsbba.tmp
    2012-01-23 12:35:06 817 ---ha-w- c:\programdata\uzrsbba.tmp
    2012-01-23 12:35:01 817 ---ha-w- c:\programdata\tzrsbba.tmp
    2012-01-23 12:03:14 851 ---ha-w- c:\programdata\gnupaaa.tmp
    2012-01-23 11:59:26 839 ---ha-w- c:\programdata\nepefaa.tmp
    2012-01-23 10:35:35 824 ---ha-w- c:\programdata\uungaba.tmp
    2012-01-23 10:34:55 836 ---ha-w- c:\programdata\yungaba.tmp
    2012-01-23 10:34:50 810 ---ha-w- c:\programdata\xungaba.tmp
    2012-01-23 10:34:45 838 ---ha-w- c:\programdata\wungaba.tmp
    2012-01-23 10:34:40 863 ---ha-w- c:\programdata\vungaba.tmp
    2012-01-23 09:51:34 848 ---ha-w- c:\programdata\inupaaa.tmp
    2012-01-23 09:49:37 827 ---ha-w- c:\programdata\mepefaa.tmp
    2012-01-23 05:10:22 830 ---ha-w- c:\programdata\hnupaaa.tmp
    2012-01-23 04:08:59 888 ---ha-w- c:\programdata\onobqaa.tmp
    2012-01-23 04:08:19 828 ---ha-w- c:\programdata\snobqaa.tmp
    2012-01-23 04:08:14 829 ---ha-w- c:\programdata\rnobqaa.tmp
    2012-01-23 04:08:09 790 ---ha-w- c:\programdata\qnobqaa.tmp
    2012-01-23 04:08:04 852 ---ha-w- c:\programdata\pnobqaa.tmp
    2012-01-23 02:08:22 854 ---ha-w- c:\programdata\medigaa.tmp
    2012-01-23 02:07:42 890 ---ha-w- c:\programdata\qedigaa.tmp
    2012-01-23 02:07:37 824 ---ha-w- c:\programdata\pedigaa.tmp
    2012-01-23 02:07:32 860 ---ha-w- c:\programdata\oedigaa.tmp
    2012-01-23 02:07:27 855 ---ha-w- c:\programdata\nedigaa.tmp
    2012-01-23 01:09:12 867 ---ha-w- c:\programdata\qepefaa.tmp
    2012-01-23 01:09:02 863 ---ha-w- c:\programdata\oepefaa.tmp
    2012-01-23 00:55:30 814 ---ha-w- c:\programdata\kdedsaa.tmp
    2012-01-23 00:40:59 805 ---ha-w- c:\programdata\jympaaa.tmp
    2012-01-23 00:36:12 811 ---ha-w- c:\programdata\iiscvaa.tmp
    2012-01-23 00:35:46 858 ---ha-w- c:\programdata\bsjldaa.tmp
    2012-01-23 00:35:00 823 ---ha-w- c:\programdata\jmslaaa.tmp
    2012-01-23 00:25:41 827 ---ha-w- c:\programdata\asjldaa.tmp
    2012-01-23 00:24:54 828 ---ha-w- c:\programdata\mmslaaa.tmp
    2012-01-23 00:20:21 866 ---ha-w- c:\programdata\miscvaa.tmp
    2012-01-23 00:20:15 875 ---ha-w- c:\programdata\liscvaa.tmp
    2012-01-23 00:20:10 846 ---ha-w- c:\programdata\kiscvaa.tmp
    2012-01-23 00:20:05 862 ---ha-w- c:\programdata\jiscvaa.tmp
    2012-01-23 00:16:54 817 ---ha-w- c:\programdata\iympaaa.tmp
    2012-01-23 00:15:30 842 ---ha-w- c:\programdata\imslaaa.tmp
    2012-01-22 23:52:48 882 ---ha-w- c:\programdata\esjldaa.tmp
    2012-01-22 23:45:00 839 ---ha-w- c:\programdata\csjldaa.tmp
    2012-01-22 23:04:10 857 ---ha-w- c:\programdata\mympaaa.tmp
    2012-01-22 22:23:10 855 ---ha-w- c:\programdata\eksccaa.tmp
    2012-01-22 22:19:30 820 ---ha-w- c:\programdata\iksccaa.tmp
    2012-01-22 22:19:25 852 ---ha-w- c:\programdata\hksccaa.tmp
    2012-01-22 22:19:20 836 ---ha-w- c:\programdata\gksccaa.tmp
    2012-01-22 22:19:15 827 ---ha-w- c:\programdata\fksccaa.tmp
    2012-01-22 22:10:50 866 ---ha-w- c:\programdata\lympaaa.tmp
    2012-01-22 22:02:21 862 ---ha-w- c:\programdata\kmslaaa.tmp
    2012-01-22 20:56:04 831 ---ha-w- c:\programdata\lmslaaa.tmp
    2012-01-22 20:30:51 834 ---ha-w- c:\programdata\dsjldaa.tmp
    2012-01-22 20:20:51 833 ---ha-w- c:\programdata\opfxcaa.tmp
    2012-01-22 20:20:01 851 ---ha-w- c:\programdata\qpfxcaa.tmp
    2012-01-22 20:19:56 844 ---ha-w- c:\programdata\ppfxcaa.tmp
    2012-01-22 20:19:11 893 ---ha-w- c:\programdata\spfxcaa.tmp
    2012-01-22 20:19:06 824 ---ha-w- c:\programdata\rpfxcaa.tmp
    2012-01-22 19:14:16 838 ---ha-w- c:\programdata\kympaaa.tmp
    2012-01-22 19:08:40 2641408 ---ha-w- c:\windows\winDAFD.tmp
    2012-01-22 19:08:35 2641408 ---ha-w- c:\windows\winC75C.tmp
    2012-01-22 19:08:30 2641408 ---ha-w- c:\windows\winB16A.tmp
    2012-01-22 19:08:24 2641408 ---ha-w- c:\windows\win9DC9.tmp
    2012-01-22 19:08:19 2641408 ---ha-w- c:\windows\win85C4.tmp
    2012-01-22 19:08:12 2641408 ---ha-w- c:\windows\win6DDF.tmp
    2012-01-22 19:08:07 2641408 ---ha-w- c:\windows\win59A2.tmp
    2012-01-22 19:07:54 2641408 ---ha-w- c:\windows\win294D.tmp
    2012-01-22 19:07:49 2641408 ---ha-w- c:\windows\win15AB.tmp
    2012-01-22 19:07:44 2641408 ---ha-w- c:\windows\winFFAA.tmp
    2012-01-22 19:07:39 2641408 ---ha-w- c:\windows\winEC09.tmp
    2012-01-22 19:07:34 2641408 ---ha-w- c:\windows\winD867.tmp
    2012-01-22 19:04:40 2641408 ---ha-w- c:\windows\win30F9.tmp
    2012-01-22 19:04:35 2641408 ---ha-w- c:\windows\win1D57.tmp
    2012-01-22 19:04:30 2641408 ---ha-w- c:\windows\win997.tmp
    2012-01-22 19:04:25 2641408 ---ha-w- c:\windows\winF5A8.tmp
    2012-01-22 19:04:20 2641408 ---ha-w- c:\windows\winE1C8.tmp
    2012-01-22 19:04:14 2641408 ---ha-w- c:\windows\winCE27.tmp
    2012-01-22 19:04:09 2641408 ---ha-w- c:\windows\winB8A2.tmp
    2012-01-22 19:04:04 2641408 ---ha-w- c:\windows\winA501.tmp
    2012-01-22 19:03:59 2641408 ---ha-w- c:\windows\win9160.tmp
    2012-01-22 19:03:54 2641408 ---ha-w- c:\windows\win7DBE.tmp
    2012-01-22 19:03:49 2641408 ---ha-w- c:\windows\win6A1D.tmp
    2012-01-22 19:03:44 2641408 ---ha-w- c:\windows\win567C.tmp
    2012-01-22 19:00:53 2641408 ---ha-w- c:\windows\winBAF1.tmp
    2012-01-22 19:00:47 2641408 ---ha-w- c:\windows\winA637.tmp
    2012-01-22 19:00:42 2641408 ---ha-w- c:\windows\win8F99.tmp
    2012-01-22 19:00:37 2641408 ---ha-w- c:\windows\win7B5C.tmp
    2012-01-22 19:00:31 2641408 ---ha-w- c:\windows\win654B.tmp
    2012-01-22 19:00:26 2641408 ---ha-w- c:\windows\win50EE.tmp
    2012-01-22 19:00:20 2641408 ---ha-w- c:\windows\win3B79.tmp
    2012-01-22 19:00:15 2641408 ---ha-w- c:\windows\win2539.tmp
    2012-01-22 19:00:09 2641408 ---ha-w- c:\windows\winF66.tmp
    2012-01-22 19:00:02 2641408 ---ha-w- c:\windows\winF530.tmp
    2012-01-22 18:59:44 2641408 ---ha-w- c:\windows\winAC5C.tmp
    2012-01-22 18:59:38 2641408 ---ha-w- c:\windows\win96E7.tmp
    2012-01-22 18:59:31 2641408 ---ha-w- c:\windows\win79C4.tmp
    2012-01-22 18:59:24 2641408 ---ha-w- c:\windows\win5E94.tmp
    2012-01-22 18:59:18 2641408 ---ha-w- c:\windows\win49BB.tmp
    2012-01-22 18:59:13 2641408 ---ha-w- c:\windows\win34B3.tmp
    2012-01-22 18:58:57 2641408 ---ha-w- c:\windows\winF4B5.tmp
    2012-01-22 18:58:51 2641408 ---ha-w- c:\windows\winDDE8.tmp
    2012-01-22 18:58:44 2641408 ---ha-w- c:\windows\winC4DB.tmp
    2012-01-22 18:58:38 2641408 ---ha-w- c:\windows\winAC1B.tmp
    2012-01-22 18:58:29 2641408 ---ha-w- c:\windows\win8799.tmp
    2012-01-22 18:58:21 2641408 ---ha-w- c:\windows\win6825.tmp
    2012-01-22 18:58:10 2641408 ---ha-w- c:\windows\win3DF8.tmp
    2012-01-22 18:57:55 2641408 ---ha-w- c:\windows\win395.tmp
    2012-01-22 18:57:38 2641408 ---ha-w- c:\windows\winC01E.tmp
    2012-01-22 18:57:24 2641408 ---ha-w- c:\windows\win89DF.tmp
    2012-01-22 18:57:14 2641408 ---ha-w- c:\windows\win6415.tmp
    2012-01-22 18:57:03 2641408 ---ha-w- c:\windows\win39E8.tmp
    2012-01-22 18:55:55 2641408 ---ha-w- c:\windows\win2E5B.tmp
    2012-01-22 18:54:54 2641408 ---ha-w- c:\windows\win40DB.tmp
    2012-01-22 18:54:49 2641408 ---ha-w- c:\windows\win2D2A.tmp
    2012-01-22 18:54:43 2641408 ---ha-w- c:\windows\win17F4.tmp
    2012-01-22 18:54:38 2641408 ---ha-w- c:\windows\win3B6.tmp
    2012-01-22 18:54:33 2641408 ---ha-w- c:\windows\winEDB5.tmp
    2012-01-22 18:54:28 2641408 ---ha-w- c:\windows\winD9A6.tmp
    2012-01-22 18:54:22 2641408 ---ha-w- c:\windows\winC338.tmp
    2012-01-22 18:54:17 2641408 ---ha-w- c:\windows\winAEBC.tmp
    2012-01-22 18:54:11 2641408 ---ha-w- c:\windows\win986C.tmp
    2012-01-22 18:54:06 2641408 ---ha-w- c:\windows\win849C.tmp
    2012-01-22 18:54:01 2641408 ---ha-w- c:\windows\win709D.tmp
    2012-01-22 18:53:55 2641408 ---ha-w- c:\windows\win5A4E.tmp
    2012-01-22 18:53:50 2641408 ---ha-w- c:\windows\win4527.tmp
    2012-01-22 18:53:44 2641408 ---ha-w- c:\windows\win3108.tmp
    2012-01-22 18:53:39 2641408 ---ha-w- c:\windows\win1D29.tmp
    2012-01-22 18:53:34 2641408 ---ha-w- c:\windows\win949.tmp
    2012-01-22 18:53:29 2641408 ---ha-w- c:\windows\winF52B.tmp
    2012-01-22 18:53:24 2641408 ---ha-w- c:\windows\winE12C.tmp
    2012-01-22 18:53:19 2641408 ---ha-w- c:\windows\winCD4D.tmp
    2012-01-22 18:53:14 2641408 ---ha-w- c:\windows\winB97D.tmp
    2012-01-22 18:53:09 2641408 ---ha-w- c:\windows\winA5BC.tmp
    2012-01-22 18:53:04 2641408 ---ha-w- c:\windows\win91CD.tmp
    2012-01-22 18:52:57 2641408 ---ha-w- c:\windows\win7843.tmp
    2012-01-22 18:52:50 2641408 ---ha-w- c:\windows\win5E5B.tmp
    2012-01-22 18:52:45 2641408 ---ha-w- c:\windows\win481A.tmp
    2012-01-22 18:52:40 2641408 ---ha-w- c:\windows\win340C.tmp
    2012-01-22 18:52:34 2641408 ---ha-w- c:\windows\win1DFB.tmp
    2012-01-22 18:52:29 2641408 ---ha-w- c:\windows\winA1B.tmp
    2012-01-22 18:52:23 2641408 ---ha-w- c:\windows\winF439.tmp
    2012-01-22 18:52:18 2641408 ---ha-w- c:\windows\winE059.tmp
    2012-01-22 18:52:13 2641408 ---ha-w- c:\windows\winCBBE.tmp
    2012-01-22 18:52:08 2641408 ---ha-w- c:\windows\winB7EE.tmp
    2012-01-22 18:52:02 2641408 ---ha-w- c:\windows\winA0C4.tmp
    2012-01-22 18:51:57 2641408 ---ha-w- c:\windows\win8BC3.tmp
    2012-01-22 18:51:51 2641408 ---ha-w- c:\windows\win762E.tmp
    2012-01-22 18:51:46 2641408 ---ha-w- c:\windows\win6201.tmp
    2012-01-22 18:51:40 2641408 ---ha-w- c:\windows\win49FC.tmp
    2012-01-22 18:51:35 2641408 ---ha-w- c:\windows\win363C.tmp
    2012-01-22 18:51:30 2641408 ---ha-w- c:\windows\win21EF.tmp
    2012-01-22 18:51:24 2641408 ---ha-w- c:\windows\winDF0.tmp
    2012-01-22 18:51:19 2641408 ---ha-w- c:\windows\winFA3F.tmp
    2012-01-22 18:51:14 2641408 ---ha-w- c:\windows\winE68E.tmp
    2012-01-22 18:51:09 2641408 ---ha-w- c:\windows\winD2BE.tmp
    2012-01-22 18:50:59 2641408 ---ha-w- c:\windows\winAB3F.tmp
    2012-01-22 18:48:51 2641408 ---ha-w- c:\windows\winB5E9.tmp
    2012-01-22 18:48:46 2641408 ---ha-w- c:\windows\winA238.tmp
    2012-01-22 18:48:36 2641408 ---ha-w- c:\windows\win7B07.tmp
    2012-01-22 18:48:31 2641408 ---ha-w- c:\windows\win6766.tmp
    2012-01-22 18:48:26 2641408 ---ha-w- c:\windows\win53C4.tmp
    2012-01-22 18:48:21 2641408 ---ha-w- c:\windows\win4014.tmp
    2012-01-22 18:48:16 2641408 ---ha-w- c:\windows\win2C34.tmp
    2012-01-22 18:48:10 2641408 ---ha-w- c:\windows\win1883.tmp
    2012-01-22 18:48:05 2641408 ---ha-w- c:\windows\win494.tmp
    2012-01-22 18:48:00 2641408 ---ha-w- c:\windows\winEEC1.tmp
    2012-01-22 18:47:55 2641408 ---ha-w- c:\windows\winDB20.tmp
    2012-01-22 18:47:50 2641408 ---ha-w- c:\windows\winC76F.tmp
    2012-01-22 18:47:45 2641408 ---ha-w- c:\windows\winB370.tmp
    2012-01-22 18:47:40 2641408 ---ha-w- c:\windows\win9FCF.tmp
    2012-01-22 18:47:34 2641408 ---ha-w- c:\windows\win8C0F.tmp
    2012-01-22 18:47:29 2641408 ---ha-w- c:\windows\win782F.tmp
    2012-01-22 18:47:24 2641408 ---ha-w- c:\windows\win645F.tmp
    2012-01-22 18:47:19 2641408 ---ha-w- c:\windows\win509E.tmp
    2012-01-22 18:47:14 2641408 ---ha-w- c:\windows\win3CDE.tmp
    2012-01-22 18:47:09 2641408 ---ha-w- c:\windows\win291E.tmp
    2012-01-22 18:47:04 2641408 ---ha-w- c:\windows\win156D.tmp
    2012-01-22 18:46:59 2641408 ---ha-w- c:\windows\win19D.tmp
    2012-01-22 18:46:54 2641408 ---ha-w- c:\windows\winED9E.tmp
    2012-01-22 18:46:49 2641408 ---ha-w- c:\windows\winD9ED.tmp
    2012-01-22 18:46:47 -------- d--h--w- c:\program files\C4528
    2012-01-22 18:46:14 -------- d--h--w- c:\users\brent\appdata\roaming\AC6C4
    2012-01-22 18:46:03 -------- d--h--w- c:\program files\LP
    2012-01-16 15:01:39 103864 ---ha-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

    ==================== Find3M ====================

    2012-01-25 19:50:09 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
    2012-01-25 19:50:09 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
    2012-01-24 23:48:58 60304 ---ha-w- c:\users\brent\g2mdlhlpx.exe
    2012-01-22 18:55:50 2641408 ---ha-w- c:\windows\win14E0.tmp
    2012-01-22 18:55:43 2641408 ---ha-w- c:\windows\winF1.tmp
    2012-01-22 18:55:38 2641408 ---ha-w- c:\windows\winEC37.tmp
    2012-01-22 18:55:36 831 ---ha-w- c:\programdata\btbswka.tmp
    2012-01-22 18:55:33 2641408 ---ha-w- c:\windows\winD72F.tmp
    2012-01-22 18:55:30 814 ---ha-w- c:\programdata\atbswka.tmp
    2012-01-22 18:55:27 2641408 ---ha-w- c:\windows\winC2C3.tmp
    2012-01-22 18:55:25 836 ---ha-w- c:\programdata\zsbswka.tmp
    2012-01-22 18:55:22 2641408 ---ha-w- c:\windows\winAEF3.tmp
    2012-01-22 18:55:17 2641408 ---ha-w- c:\windows\win9AE5.tmp
    2012-01-22 18:55:12 2641408 ---ha-w- c:\windows\win813B.tmp
    2012-01-22 18:55:05 2641408 ---ha-w- c:\windows\win6C04.tmp
    2012-01-22 18:55:00 2641408 ---ha-w- c:\windows\win57B7.tmp
    2011-09-25 02:31:52 44 ---h--w- c:\program files\d345a5c1.tmp

    ============= FINISH: 17:18:37.78 ===============
     
  3. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    More logs

    Attach.txt


    ==== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    7-Zip 4.65
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    AI RoboForm (All Users)
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    All Day Battery Life Configuration
    Any Video Converter 3.1.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    AuthenTec Fingerprint Software
    Auto Click Profits 1.0.0
    Belarc Advisor 8.1
    BioAPI Framework
    BlackBerry Desktop Software 6.0
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    CameraHelperMsi
    CherryPicker
    Cisco AnyConnect VPN Client
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Core FTP LE 2.1
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    DCP32MMWrapper
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Driver Download Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Digital Line Detect
    Document Manager Lite
    Domain Samurai
    Download Updater (AOL LLC)
    Dropbox
    EMBASSY Security Center
    EMBASSY Security Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 610 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup
    erLT
    ESC Home Page Plugin
    Facebook FriendAdder
    FB Leads Maker version 1.1
    FreeMind
    Gemalto
    GIMP 2.6.11
    Golf Solitaire 1.1.0
    Google Chrome
    Google Desktop
    Google Quick Search Box
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    GPScraper 2011
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Jing
    Junk Mail filter update
    Logitech Webcam Software
    LWS Facebook
    LWS Help_main
    LWS VideoEffects
    LWS Webcam Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    MapPI v4.4 version 4.4
    Market Samurai
    Maxtor Manager
    McAfee Browser Protection Service
    McAfee Firewall Protection Service
    McAfee Security Scan Plus
    McAfee SiteAdvisor Enterprise Plus
    McAfee Virus and Spyware Protection Service
    MFCLOC
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Standard 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mobile Broadband Generic Drivers
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NicheSensei
    Notepad++
    NTRU TCG Software Stack
    Nvu 1.0PR
    OGA Notifier 2.0.0048.0
    PayPal Plug-In
    Picasa 3
    PingPlotter Standard 3.30.4s
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Wizards
    Sierra Utilities
    Skype™ 5.5
    SO32MMWrapper
    Trillian
    TrueKat Show
    Trusted Drive Manager
    Tube Toolbox
    Tweet Siphon 1.0
    Underachiever Secrets
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UPEK TouchChip Fingerprint Reader
    Verizon Wireless MiFi-2200 Firmware Updates
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual C++ 8.0 x86 Runtime Setup Package
    VZAccess Manager
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WIDCOMM Bluetooth Software
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Xtreme Traffic Arbitrage
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yammer
    YPScraper

    ==== End Of File =========================
     
  4. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-26 17:16:01
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
    Running: gmer.exe; Driver: C:\Users\Brent\AppData\Local\Temp\fxliqfow.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a041e8bee
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a041e8bee (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    F
    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\services.exe[596] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
    .text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00090000
    .text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_open 762B7E48 5 Bytes JMP 001E0FE3
    .text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_open 762B7E48 5 Bytes JMP 002E0FEF
    .text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00310FEF
    .text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00330000
    .text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_open 762B7E48 5 Bytes JMP 003B0000
    .text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_open 762B7E48 5 Bytes JMP 003C0FEF
    .text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00580FEF
    .text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00860000
    .text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 762B7E48 5 Bytes JMP 008C0FE3
    .text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00900FEF
    .text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00BC0FEF
    .text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_open 762B7E48 5 Bytes JMP 02F30000
    .text C:\Windows\system32\services.exe[596] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070031
    .text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070FA3
    .text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070FD4
    .text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 0009005A
    .text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 001E0042

    ---- Files - GMER 1.0.15 ----
     
  5. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    More GMER.log

    ---- User code sections - GMER 1.0.15 ----

     
  6. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    More GMER.log

    ---- Files - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 8323C5C5 5 Bytes JMP 8CBA1258 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!ZwSaveKey + 13D1 8324E369 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83287D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- Files - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!NtMapViewOfSection 83457452 7 Bytes JMP 8CBA126C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 8346BA7D 5 Bytes JMP 8CBA1296 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 834756FA 5 Bytes JMP 8CBA1282 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- Files - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE peauth.sys 92F07BEC 111 Bytes [AE, EA, A7, BE, 8A, 33, 63, ...]

    ---- Files - GMER 1.0.15 ----


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[2140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0013A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74995600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:720] C5B2EBD0

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CBA1268]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CBA1292]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CBA127E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CBA1254]

    ---- Files - GMER 1.0.15 ----


    File C:\Windows\$NtUninstallKB46542$\3480255166 0 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\@ 2048 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\bckfg.tmp 845 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\cfg.ini 200 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\keywords 722 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\L 0 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\L\xadqgnnk 338944 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U 0 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000000.@ 11264 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000032.@ 77312 bytes
    File C:\Windows\$NtUninstallKB46542$\483184839
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I've deleted your duplicate thread. Sometimes it takes a few minutes for a post to show. Please keep all logs and comments for this problem on this thread.

    There are headers missing from the top of the DDS.txt log and the Attach.txt logs. They give me information about your system. Please find them in your system and post only the top header for each log. Please paste in next reply first, then go on with the scans.

    Please read scan instructions carefully. You missed the Warning in GMER saying don't click show all.

    I have no system information due to the headers missing. I see a McAfee in GMER- is that your AV?
    --------------------------------------------
    You have diagnosed System Check malware, but you have not given me any information about the problems you're having: for instance:
    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
    • System Check is a fake (Rogue) computer analysis and optimization program.
    • The 'alerts' ??? tell you the problems have led to corrupt and missing data
    • It will display false error messages and security warnings.???
    • It "hides" Icons, desktop, programs??? and files so that they appear to be missing and some programs can't be run
    • This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages
    • The malware is configured to automatically start when you logon to Windows.
    • It can also be started if you click on any of these alerts.
    =====================================
    Do you have internet access?
    Can you get into Normal Mode?? Safe Mode with Networking?
    =====================================
    I'd like you to go ahead and run Combofix. It should find and remove the malware entries for 1/24-1/25. If you have AVG, you will need to uninstall it temporarily to run Combofix. Use the AppRemover first if it applies:
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
     
  8. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    A Question

    I ran GMER and it never warned me or asked me to click anything, it just ran so I never saw that message - should I run it again? It took 7 hours to run today (obviously I did something wrong).

    I went back and checked and there were no headers in the DDS or Attach logs - should I rerun those to get the header information?

    "I have no system information due to the headers missing. I see a McAfee in GMER- is that you AV?
    --------------------------------------------
    You have diagnosed System Check malware, but you have not given me any information about the problems you're having: for instance:"

    My symptoms are:

    I got the System Check icon in the system tray and a popup claiming I had bad RAM, disk, virus, etc. but I knew it was fake since the alerts were in the system tray and I had never seen that program before. It made my icons disappear, made the background turn black, launched about 20 bogus error "alerts" that kept coming back if I tried to close them and hid all of my files on the hard drive. I used the cmd.exe to check it had really deleted them and saw that everything was still there. I had internet access until I rebooted and then it started blocking me from getting an IP address from my wireless router. So I am using a second clean computer to copy all of the files in the 5 steps over using a thumb drive.

    I have been afraid to cleanup anything until I get some advice from you since you have seen this thing before.

    I now have control back, I ran all 5 steps plus unhide.exe but nothing else.

    I have not rebooted since running the 5 steps and have re-activated McAfee S-a-a-S which is my only AV. I do not have internet access.

    =====================================
    Do you have internet access? No
    Can you get into Normal Mode?? Yes
    Safe Mode with Networking? Have not tried
    =====================================
     
  9. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Current Progress

    Just wanted to say thanks again for your help with this! It is very much appreciated.

    I see what you mean with GMER, sorry about that, I completely missed the checkbox on "Show All". I must have clicked it and did not realize.

    And the DDS had to be re-downloaded and run again to get the headers to get into the log file. Not sure why.

    I ran Combofix 4 times before it actually worked and completed. But it did and here are the logs. I currently have most everything restored back to normal so I am cautiously optimistic but not feeling 100% yet.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-27 11:09:06
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
    Running: tycu4fyo.exe; Driver: C:\Users\Brent\AppData\Local\Temp\fxliqfow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  10. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    More log info

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Brent at 11:12:35 on 2012-01-27
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1763 [GMT -5:00]
    .
    FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\LTSVC\LTSVC.exe
    C:\Windows\LTSvc\LTSvcMon.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\SAgent4.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\LTSVC\LTTray.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Yammer\Yammer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    uInternet Settings,ProxyServer = http=127.0.0.1:59616
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [{E8951905-B0E2-46E3-8881-5C20EAE8B00B}] c:\windows\system32\msiexec.exe /cmdloc "hkcu\software\gpscraper.com aitemp\{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [Akamai NetSession Interface] "c:\users\brent\appdata\local\akamai\netsession_win.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [EasyMessage] c:\program files\easy message\em2.exe
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\brent\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\yammer.lnk - c:\program files\yammer\Yammer.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: apptix.net\mail
    Trusted Zone: collaborationhost.com\vynamic
    Trusted Zone: localima.org\www
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Trusted Zone: tgelite.com\labtech
    DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED} : DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\249627B64616C65602055726C69636 : DhcpNameServer = 192.168.3.1
    TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\D697071627B6 : DhcpNameServer = 192.168.16.2
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59616
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\brent\appdata\roaming\Move Networks
    FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-11-11 81920]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 LTService;TechGuides Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2011-11-15 8713032]
    R2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-11-15 98120]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-11-25 260648]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-25 122368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-25 29472]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-18 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-12-13 34248]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-11-25 47104]
    S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-11-25 49152]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-11-25 38400]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-15 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-01-27 15:50:32 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-01-27 15:48:02 -------- d-----w- c:\users\brent\appdata\local\temp
    2012-01-27 15:47:52 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-27 13:53:03 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-01-27 13:51:36 -------- d-----w- C:\ComboFix
    2012-01-27 02:00:29 98816 ----a-w- c:\windows\sed.exe
    2012-01-27 02:00:29 518144 ----a-w- c:\windows\SWREG.exe
    2012-01-27 02:00:29 256000 ----a-w- c:\windows\PEV.exe
    2012-01-27 02:00:29 208896 ----a-w- c:\windows\MBR.exe
    2012-01-27 01:50:55 306 ----a-w- c:\windows\myClean.bat
    2012-01-26 13:54:15 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-01-25 19:53:32 -------- d-----w- c:\users\brent\appdata\roaming\Malwarebytes
    2012-01-25 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 19:52:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50:08 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-22 18:46:47 -------- d-----w- c:\program files\C4528
    2012-01-22 18:46:14 -------- d-----w- c:\users\brent\appdata\roaming\AC6C4
    2012-01-18 20:27:45 -------- d-----w- c:\windows\system32\appmgmt
    2012-01-17 15:23:58 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-17 15:23:55 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-17 15:23:52 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-17 15:23:51 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-17 15:23:49 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-17 15:23:48 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-17 15:23:47 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-17 15:23:45 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-17 15:23:44 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-17 15:23:43 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-16 15:07:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-01-16 15:01:39 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2012-01-11 19:59:25 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 19:59:18 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 19:58:37 1328128 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 19:58:36 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    ==================== Find3M ====================
    .
    2011-12-19 18:46:41 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 16:53:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-25 02:31:52 44 ------w- c:\program files\d345a5c1.tmp
    .
    ============= FINISH: 11:13:06.99 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/5/2009 12:15:36 PM
    System Uptime: 1/27/2012 10:48:44 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0D693C
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 72.229 GiB free.
    D: is CDROM ()
    Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP202: 1/5/2012 6:05:39 PM - Windows Update
    RP203: 1/11/2012 2:30:21 PM - Windows Update
    RP204: 1/12/2012 1:20:53 PM - Windows Update
    RP205: 1/17/2012 1:23:47 PM - Windows Update
    RP206: 1/18/2012 3:21:11 PM - Removed Skype Click to Call
    RP208: 1/18/2012 3:28:13 PM - Removed PayPal Plug-In
    RP209: 1/26/2012 9:00:45 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    7-Zip 4.65
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    AI RoboForm (All Users)
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    All Day Battery Life Configuration
    Any Video Converter 3.1.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    AuthenTec Fingerprint Software
    Auto Click Profits 1.0.0
    Belarc Advisor 8.1
    BioAPI Framework
    BlackBerry Desktop Software 6.0
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    CameraHelperMsi
    CherryPicker
    Cisco AnyConnect VPN Client
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Core FTP LE 2.1
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    DCP32MMWrapper
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Driver Download Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Digital Line Detect
    Document Manager Lite
    Domain Samurai
    Download Updater (AOL LLC)
    Dropbox
    EMBASSY Security Center
    EMBASSY Security Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 610 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup
    erLT
    ESC Home Page Plugin
    Facebook FriendAdder
    FB Leads Maker version 1.1
    FreeMind
    Gemalto
    GIMP 2.6.11
    Golf Solitaire 1.1.0
    Google Chrome
    Google Desktop
    Google Quick Search Box
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    GPScraper 2011
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Jing
    Junk Mail filter update
    Logitech Webcam Software
    LWS Facebook
    LWS Help_main
    LWS VideoEffects
    LWS Webcam Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    MapPI v4.4 version 4.4
    Market Samurai
    Maxtor Manager
    McAfee Security Scan Plus
    MFCLOC
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Standard 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mobile Broadband Generic Drivers
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NicheSensei
    Notepad++
    NTRU TCG Software Stack
    Nvu 1.0PR
    OGA Notifier 2.0.0048.0
    PayPal Plug-In
    Picasa 3
    PingPlotter Standard 3.30.4s
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Wizards
    Sierra Utilities
    Skype™ 5.5
    SO32MMWrapper
    Trillian
    TrueKat Show
    Trusted Drive Manager
    Tube Toolbox
    Tweet Siphon 1.0
    Underachiever Secrets
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UPEK TouchChip Fingerprint Reader
    Verizon Wireless MiFi-2200 Firmware Updates
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Visual C++ 8.0 x86 Runtime Setup Package
    VZAccess Manager
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WIDCOMM Bluetooth Software
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Xtreme Traffic Arbitrage
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yammer
    YPScraper
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/27/2012 10:55:40 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    .
    ==== End Of File ===========================
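    The DDS lists above record fresh writes to security-critical binaries under system32 (lsass.exe, lsasrv.dll, cng.sys, ksecdd.sys, ntdll.dll, win32k.sys and others). The write times are consistent with patch activity, but a timestamp says nothing about authenticity: the ComboFix log later in this thread reports infected copies of explorer.exe, svchost.exe and winlogon.exe, so the check a responder wants on a machine like this is that every recently written system binary still carries a valid Microsoft signature and is byte-identical to its component-store copy. The PowerShell script below is an added example, not part of the original post and not code from DDS or ComboFix. It assumes an elevated PowerShell 5.1 or later session (Get-FileHash and a catalog-aware Get-AuthenticodeSignature); the file list is taken from the log above and is meant to be extended.

```powershell
# Added example (not from the original post): verify that recently written
# Windows binaries are genuine Microsoft files.
# Assumptions: elevated PowerShell 5.1 or later. On Windows 7's PowerShell 2.0
# most system files are catalog-signed and Get-AuthenticodeSignature reports
# NotSigned for them; use Sysinternals sigcheck.exe on those files instead.

# Paths taken from the DDS "Created Last 30" / "Find3M" lists; extend as needed.
$recentlyWritten = @(
    "$env:SystemRoot\system32\lsasrv.dll",
    "$env:SystemRoot\system32\drivers\cng.sys",
    "$env:SystemRoot\system32\drivers\ksecdd.sys",
    "$env:SystemRoot\system32\lsass.exe",
    "$env:SystemRoot\system32\sspicli.dll",
    "$env:SystemRoot\system32\secur32.dll",
    "$env:SystemRoot\system32\sspisrv.dll",
    "$env:SystemRoot\system32\ntdll.dll",
    "$env:SystemRoot\system32\win32k.sys",
    "$env:SystemRoot\system32\wininet.dll"
)

function Test-WindowsBinary {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # A missing core binary is itself a finding (compare afd.sys in this thread).
        return [pscustomobject]@{
            Path = $Path; Signature = 'MISSING'; Signer = $null
            SHA256 = $null; WinSxSMatch = $false; Suspicious = $true
        }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # System32 files are hard links into the component store, so a genuine file
    # hashes identically to at least one WinSxS copy of the same name. Walking
    # the whole store is slow but needs no network and no external tool.
    $name = Split-Path -Leaf $Path
    $sxsHashes = Get-ChildItem -LiteralPath "$env:SystemRoot\WinSxS" -Recurse -File `
                    -Filter $name -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash }
    $sxsMatch = @($sxsHashes) -contains $hash

    # Signature is the primary test: a dropper that replaced both the system32
    # file and its component-store copy would still pass the hash comparison.
    $microsoftSigned = ($sig.Status -eq 'Valid') -and
                       ($signer -like '*O=Microsoft Corporation*')

    [pscustomobject]@{
        Path        = $Path
        Signature   = $sig.Status
        Signer      = $signer
        SHA256      = $hash
        WinSxSMatch = $sxsMatch
        Suspicious  = -not ($microsoftSigned -and $sxsMatch)
    }
}

$results = $recentlyWritten | ForEach-Object { Test-WindowsBinary -Path $_ }
$results | Format-Table Path, Signature, WinSxSMatch, Suspicious -AutoSize

if ($results | Where-Object Suspicious) {
    Write-Warning "One or more system binaries failed verification; run 'sfc /verifyonly' and compare against known-good installation media."
}
```

    The built-in equivalent is `sfc /verifyonly`, which checks every protected file against the component store; the script is narrower but shows which test failed (signature, signer or store match) for each file, which matters when a cleanup tool has just written replacements into system32.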
     
  11. bdawkins94

    ComboFix successful

    ComboFix 12-01-26.01 - Brent 01/27/2012 10:03:14.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2753 [GMT -5:00]
    Running from: c:\users\Brent\Desktop\ComboFix.exe
    FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\program files\LP\EE5A\1312.tmp
    c:\program files\LP\EE5A\20ED.tmp
    c:\program files\LP\EE5A\4B0D.exe
    c:\program files\LP\EE5A\4B0D.tmp
    c:\program files\LP\EE5A\5247.tmp
    c:\program files\LP\EE5A\554A.exe
    c:\program files\LP\EE5A\554A.tmp
    c:\program files\LP\EE5A\A7A9.tmp
    c:\program files\LP\EE5A\B4F2.exe
    c:\program files\LP\EE5A\B4F2.tmp
    c:\program files\LP\EE5A\B679.tmp
    c:\program files\LP\EE5A\bl82412052_64.bat
    c:\program files\LP\EE5A\bl82449242_64.bat
    c:\program files\LP\EE5A\bl82469288_64.bat
    c:\program files\LP\EE5A\C200.tmp
    c:\program files\LP\EE5A\CAA6.exe
    c:\program files\LP\EE5A\CAA6.tmp
    c:\program files\LP\EE5A\DD34.tmp
    c:\program files\LP\EE5A\DEC2.exe
    c:\program files\LP\EE5A\DEC2.tmp
    c:\program files\LP\EE5A\E105.exe
    c:\program files\LP\EE5A\E105.tmp
    c:\program files\LP\EE5A\E2D8.tmp
    c:\programdata\aatpaaa.tmp
    c:\programdata\acdikaa.tmp
    c:\programdata\adfqaaa.tmp
    c:\programdata\aippcba.tmp
    c:\programdata\akjlaaa.tmp
    c:\programdata\akwnmba.tmp
    c:\programdata\aopxeba.tmp
    c:\programdata\areliaa.tmp
    c:\programdata\asjldaa.tmp
    c:\programdata\atbswka.tmp
    c:\programdata\avgveaa.tmp
    c:\programdata\awdpaaa.tmp
    c:\programdata\aybydaa.tmp
    c:\programdata\bcdikaa.tmp
    c:\programdata\bdfqaaa.tmp
    c:\programdata\bkjlaaa.tmp
    c:\programdata\bopxeba.tmp
    c:\programdata\breliaa.tmp
    c:\programdata\bsjldaa.tmp
    c:\programdata\btbswka.tmp
    c:\programdata\bvgveaa.tmp
    c:\programdata\bwdpaaa.tmp
    c:\programdata\ccdikaa.tmp
    c:\programdata\cdfqaaa.tmp
    c:\programdata\ckjlaaa.tmp
    c:\programdata\cnvlaaa.tmp
    c:\programdata\copxeba.tmp
    c:\programdata\creliaa.tmp
    c:\programdata\csjldaa.tmp
    c:\programdata\ctbswka.tmp
    c:\programdata\cvgveaa.tmp
    c:\programdata\cwdpaaa.tmp
    c:\programdata\cxcamba.tmp
    c:\programdata\dcdikaa.tmp
    c:\programdata\ddcjiaa.tmp
    c:\programdata\ddwbfba.tmp
    c:\programdata\dkjlaaa.tmp
    c:\programdata\dnvlaaa.tmp
    c:\programdata\dopxeba.tmp
    c:\programdata\dsjldaa.tmp
    c:\programdata\dwdpaaa.tmp
    c:\programdata\dxcamba.tmp
    c:\programdata\ecdikaa.tmp
    c:\programdata\edcjiaa.tmp
    c:\programdata\edwbfba.tmp
    c:\programdata\ekjlaaa.tmp
    c:\programdata\eksccaa.tmp
    c:\programdata\envlaaa.tmp
    c:\programdata\eopxeba.tmp
    c:\programdata\esjldaa.tmp
    c:\programdata\ewdpaaa.tmp
    c:\programdata\excamba.tmp
    c:\programdata\eynlaaa.tmp
    c:\programdata\fdcjiaa.tmp
    c:\programdata\fksccaa.tmp
    c:\programdata\fnvlaaa.tmp
    c:\programdata\fxcamba.tmp
    c:\programdata\fynlaaa.tmp
    c:\programdata\gdcjiaa.tmp
    c:\programdata\gksccaa.tmp
    c:\programdata\glbdkba.tmp
    c:\programdata\gnupaaa.tmp
    c:\programdata\gnvlaaa.tmp
    c:\programdata\gtvdqba.tmp
    c:\programdata\gynlaaa.tmp
    c:\programdata\hksccaa.tmp
    c:\programdata\hlbdkba.tmp
    c:\programdata\hnupaaa.tmp
    c:\programdata\htvdqba.tmp
    c:\programdata\hynlaaa.tmp
    c:\programdata\iegjnaa.tmp
    c:\programdata\igvhlba.tmp
    c:\programdata\iiscvaa.tmp
    c:\programdata\iksccaa.tmp
    c:\programdata\ilbdkba.tmp
    c:\programdata\imslaaa.tmp
    c:\programdata\inupaaa.tmp
    c:\programdata\iqgqaaa.tmp
    c:\programdata\iqijlba.tmp
    c:\programdata\iqqbhaa.tmp
    c:\programdata\itvdqba.tmp
    c:\programdata\iympaaa.tmp
    c:\programdata\iynlaaa.tmp
    c:\programdata\jechrba.tmp
    c:\programdata\jegjnaa.tmp
    c:\programdata\jgvhlba.tmp
    c:\programdata\jiscvaa.tmp
    c:\programdata\jlbdkba.tmp
    c:\programdata\jmslaaa.tmp
    c:\programdata\jnupaaa.tmp
    c:\programdata\jqgqaaa.tmp
    c:\programdata\jqijlba.tmp
    c:\programdata\jqqbhaa.tmp
    c:\programdata\jtvdqba.tmp
    c:\programdata\jympaaa.tmp
    c:\programdata\kdcagaa.tmp
    c:\programdata\kdedsaa.tmp
    c:\programdata\kechrba.tmp
    c:\programdata\kegjnaa.tmp
    c:\programdata\kgvhlba.tmp
    c:\programdata\kiscvaa.tmp
    c:\programdata\klbdkba.tmp
    c:\programdata\klizfaa.tmp
    c:\programdata\kmslaaa.tmp
    c:\programdata\knupaaa.tmp
    c:\programdata\kpeikaa.tmp
    c:\programdata\kqgqaaa.tmp
    c:\programdata\kqijlba.tmp
    c:\programdata\kqqbhaa.tmp
    c:\programdata\ktgepba.tmp
    c:\programdata\ktvdqba.tmp
    c:\programdata\kxsloaa.tmp
    c:\programdata\kympaaa.tmp
    c:\programdata\ldcagaa.tmp
    c:\programdata\lechrba.tmp
    c:\programdata\legjnaa.tmp
    c:\programdata\lgvhlba.tmp
    c:\programdata\liscvaa.tmp
    c:\programdata\llizfaa.tmp
    c:\programdata\lmslaaa.tmp
    c:\programdata\lpeikaa.tmp
    c:\programdata\lqgqaaa.tmp
    c:\programdata\lqijlba.tmp
    c:\programdata\lqqbhaa.tmp
    c:\programdata\ltgepba.tmp
    c:\programdata\lxsloaa.tmp
    c:\programdata\lympaaa.tmp
    c:\programdata\mcaozaa.tmp
    c:\programdata\mdcagaa.tmp
    c:\programdata\mechrba.tmp
    c:\programdata\medigaa.tmp
    c:\programdata\megjnaa.tmp
    c:\programdata\mepefaa.tmp
    c:\programdata\mgvhlba.tmp
    c:\programdata\miscvaa.tmp
    c:\programdata\mlizfaa.tmp
    c:\programdata\mmslaaa.tmp
    c:\programdata\mpeikaa.tmp
    c:\programdata\mqgqaaa.tmp
    c:\programdata\mqijlba.tmp
    c:\programdata\mqqbhaa.tmp
    c:\programdata\mtgepba.tmp
    c:\programdata\mwatuaa.tmp
    c:\programdata\mwoamaa.tmp
    c:\programdata\mxsloaa.tmp
    c:\programdata\mympaaa.tmp
    c:\programdata\ncaozaa.tmp
    c:\programdata\ndcagaa.tmp
    c:\programdata\nedigaa.tmp
    c:\programdata\nepefaa.tmp
    c:\programdata\nlizfaa.tmp
    c:\programdata\npeikaa.tmp
    c:\programdata\nwatuaa.tmp
    c:\programdata\nwoamaa.tmp
    c:\programdata\nxsloaa.tmp
    c:\programdata\obarbba.tmp
    c:\programdata\ocaozaa.tmp
    c:\programdata\odcagaa.tmp
    c:\programdata\oedigaa.tmp
    c:\programdata\oepefaa.tmp
    c:\programdata\olizfaa.tmp
    c:\programdata\onobqaa.tmp
    c:\programdata\opeikaa.tmp
    c:\programdata\opfxcaa.tmp
    c:\programdata\oTEgArsEo7ELIu.exe
    c:\programdata\ovgxoaa.tmp
    c:\programdata\owatuaa.tmp
    c:\programdata\owoamaa.tmp
    c:\programdata\oxsloaa.tmp
    c:\programdata\pbarbba.tmp
    c:\programdata\pcaozaa.tmp
    c:\programdata\pedigaa.tmp
    c:\programdata\pepefaa.tmp
    c:\programdata\pnobqaa.tmp
    c:\programdata\ppfxcaa.tmp
    c:\programdata\pvgxoaa.tmp
    c:\programdata\pwatuaa.tmp
    c:\programdata\pwoamaa.tmp
    c:\programdata\qbarbba.tmp
    c:\programdata\qcaozaa.tmp
    c:\programdata\qedigaa.tmp
    c:\programdata\qepefaa.tmp
    c:\programdata\qnobqaa.tmp
    c:\programdata\qobmaaa.tmp
    c:\programdata\qpfxcaa.tmp
    c:\programdata\qvgxoaa.tmp
    c:\programdata\qwatuaa.tmp
    c:\programdata\qwoamaa.tmp
    c:\programdata\rbarbba.tmp
    c:\programdata\rekuaaa.tmp
    c:\programdata\rnobqaa.tmp
    c:\programdata\robmaaa.tmp
    c:\programdata\rpfxcaa.tmp
    c:\programdata\rvgxoaa.tmp
    c:\programdata\sbarbba.tmp
    c:\programdata\sdywnaa.tmp
    c:\programdata\snobqaa.tmp
    c:\programdata\snzbpaa.tmp
    c:\programdata\sobmaaa.tmp
    c:\programdata\spfxcaa.tmp
    c:\programdata\svgxoaa.tmp
    c:\programdata\szrsbba.tmp
    c:\programdata\szxzeaa.tmp
    c:\programdata\tdywnaa.tmp
    c:\programdata\tnzbpaa.tmp
    c:\programdata\tobmaaa.tmp
    c:\programdata\ttkrxaa.tmp
    c:\programdata\tzrsbba.tmp
    c:\programdata\tzxzeaa.tmp
    c:\programdata\udywnaa.tmp
    c:\programdata\uefavaa.tmp
    c:\programdata\uenajba.tmp
    c:\programdata\unzbpaa.tmp
    c:\programdata\uobmaaa.tmp
    c:\programdata\uungaba.tmp
    c:\programdata\uzrsbba.tmp
    c:\programdata\uzxzeaa.tmp
    c:\programdata\vdywnaa.tmp
    c:\programdata\vefavaa.tmp
    c:\programdata\vepnwaa.tmp
    c:\programdata\vibrfaa.tmp
    c:\programdata\vnzbpaa.tmp
    c:\programdata\vungaba.tmp
    c:\programdata\vzrsbba.tmp
    c:\programdata\wdywnaa.tmp
    c:\programdata\wefavaa.tmp
    c:\programdata\wenajba.tmp
    c:\programdata\wepnwaa.tmp
    c:\programdata\whppcba.tmp
    c:\programdata\wibrfaa.tmp
    c:\programdata\wjwnmba.tmp
    c:\programdata\wnzbpaa.tmp
    c:\programdata\wungaba.tmp
    c:\programdata\wzrsbba.tmp
    c:\programdata\wzspaaa.tmp
    c:\programdata\wzxzeaa.tmp
    c:\programdata\xefavaa.tmp
    c:\programdata\xenajba.tmp
    c:\programdata\xepnwaa.tmp
    c:\programdata\xhppcba.tmp
    c:\programdata\xibrfaa.tmp
    c:\programdata\xjwnmba.tmp
    c:\programdata\xungaba.tmp
    c:\programdata\xxbydaa.tmp
    c:\programdata\xzspaaa.tmp
    c:\programdata\ycfqaaa.tmp
    c:\programdata\yefavaa.tmp
    c:\programdata\yenajba.tmp
    c:\programdata\yepnwaa.tmp
    c:\programdata\yhppcba.tmp
    c:\programdata\yibrfaa.tmp
    c:\programdata\yjwnmba.tmp
    c:\programdata\yqeliaa.tmp
    c:\programdata\ysbswka.tmp
    c:\programdata\yungaba.tmp
    c:\programdata\yxbydaa.tmp
    c:\programdata\yzspaaa.tmp
    c:\programdata\Z@!-4ad37df4-42e8-4cb4-8e93-d345e3a0bdac.tmp
    c:\programdata\zcfqaaa.tmp
    c:\programdata\zhppcba.tmp
    c:\programdata\zjwnmba.tmp
    c:\programdata\zqeliaa.tmp
    c:\programdata\zsbswka.tmp
    c:\programdata\zugveaa.tmp
    c:\programdata\zxbydaa.tmp
    c:\programdata\zzspaaa.tmp
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Brent\Desktop\System Check.lnk
    c:\users\Brent\Documents\sol.exe
    c:\users\Brent\Documents\spider.exe
    c:\users\Brent\g2mdlhlpx.exe
    c:\windows\$NtUninstallKB46542$
    c:\windows\$NtUninstallKB46542$\3480255166\L\xadqgnnk
    c:\windows\$NtUninstallKB46542$\3480255166\lsflt7.ver
    c:\windows\$NtUninstallKB46542$\3480255166\U\00000001.@
    c:\windows\$NtUninstallKB46542$\3480255166\U\00000002.@
    c:\windows\$NtUninstallKB46542$\3480255166\U\00000004.@
    c:\windows\$NtUninstallKB46542$\3480255166\U\80000000.@
    c:\windows\$NtUninstallKB46542$\3480255166\U\80000004.@
    c:\windows\$NtUninstallKB46542$\3480255166\U\80000032.@
    c:\windows\expl.dat
    c:\windows\system32\svch.dat
    c:\windows\system32\winl.dat
    c:\windows\win1048.tmp
    c:\windows\win10F9.tmp
    c:\windows\win128E.tmp
    c:\windows\win13F.tmp
    c:\windows\win14E0.tmp
    c:\windows\win156D.tmp
    c:\windows\win15AB.tmp
    c:\windows\win1666.tmp
    c:\windows\win17E5.tmp
    c:\windows\win17F4.tmp
    c:\windows\win1883.tmp
    c:\windows\win18B0.tmp
    c:\windows\win18B9.tmp
    c:\windows\win1911.tmp
    c:\windows\win19D.tmp
    c:\windows\win1AEA.tmp
    c:\windows\win1B61.tmp
    c:\windows\win1BD7.tmp
    c:\windows\win1D29.tmp
    c:\windows\win1D43.tmp
    c:\windows\win1D57.tmp
    c:\windows\win1DC1.tmp
    c:\windows\win1DFB.tmp
    c:\windows\win1E87.tmp
    c:\windows\win200E.tmp
    c:\windows\win21EF.tmp
    c:\windows\win2249.tmp
    c:\windows\win22FD.tmp
    c:\windows\win2396.tmp
    c:\windows\win2408.tmp
    c:\windows\win2539.tmp
    c:\windows\win25B3.tmp
    c:\windows\win265E.tmp
    c:\windows\win291E.tmp
    c:\windows\win294D.tmp
    c:\windows\win2AA3.tmp
    c:\windows\win2B96.tmp
    c:\windows\win2C34.tmp
    c:\windows\win2C52.tmp
    c:\windows\win2C5A.tmp
    c:\windows\win2CB2.tmp
    c:\windows\win2D2A.tmp
    c:\windows\win2E5B.tmp
    c:\windows\win2E9A.tmp
    c:\windows\win2F12.tmp
    c:\windows\win2F2.tmp
    c:\windows\win30E4.tmp
    c:\windows\win30F9.tmp
    c:\windows\win3108.tmp
    c:\windows\win310D.tmp
    c:\windows\win315D.tmp
    c:\windows\win31CF.tmp
    c:\windows\win32F3.tmp
    c:\windows\win33EE.tmp
    c:\windows\win340C.tmp
    c:\windows\win34B3.tmp
    c:\windows\win3619.tmp
    c:\windows\win363C.tmp
    c:\windows\win3737.tmp
    c:\windows\win37C9.tmp
    c:\windows\win395.tmp
    c:\windows\win3963.tmp
    c:\windows\win39E8.tmp
    c:\windows\win3A0F.tmp
    c:\windows\win3B6.tmp
    c:\windows\win3B79.tmp
    c:\windows\win3CDE.tmp
    c:\windows\win3DF8.tmp
    c:\windows\win3E83.tmp
    c:\windows\win3F56.tmp
    c:\windows\win3FF3.tmp
    c:\windows\win4014.tmp
    c:\windows\win401A.tmp
    c:\windows\win4063.tmp
    c:\windows\win40DB.tmp
    c:\windows\win425B.tmp
    c:\windows\win4327.tmp
    c:\windows\win434.tmp
    c:\windows\win4485.tmp
    c:\windows\win44DD.tmp
    c:\windows\win4527.tmp
    c:\windows\win46C3.tmp
    c:\windows\win47CD.tmp
    c:\windows\win4805.tmp
    c:\windows\win481A.tmp
    c:\windows\win494.tmp
    c:\windows\win49BB.tmp
    c:\windows\win49E9.tmp
    c:\windows\win49FC.tmp
    c:\windows\win4AD8.tmp
    c:\windows\win4B6A.tmp
    c:\windows\win4D43.tmp
    c:\windows\win4DFE.tmp
    c:\windows\win4FF.tmp
    c:\windows\win509E.tmp
    c:\windows\win50EE.tmp
    c:\windows\win5262.tmp
    c:\windows\win5317.tmp
    c:\windows\win53B3.tmp
    c:\windows\win53BC.tmp
    c:\windows\win53C4.tmp
    c:\windows\win5404.tmp
    c:\windows\win560.tmp
    c:\windows\win560C.tmp
    c:\windows\win5672.tmp
    c:\windows\win567C.tmp
    c:\windows\win5707.tmp
    c:\windows\win57B7.tmp
    c:\windows\win5817.tmp
    c:\windows\win588E.tmp
    c:\windows\win58AD.tmp
    c:\windows\win592F.tmp
    c:\windows\win59A2.tmp
    c:\windows\win5A4E.tmp
    c:\windows\win5B8D.tmp
    c:\windows\win5B8E.tmp
    c:\windows\win5D9A.tmp
    c:\windows\win5DA9.tmp
    c:\windows\win5E5B.tmp
    c:\windows\win5E7A.tmp
    c:\windows\win5E94.tmp
    c:\windows\win5F1B.tmp
    c:\windows\win6113.tmp
    c:\windows\win61AF.tmp
    c:\windows\win6201.tmp
    c:\windows\win6415.tmp
    c:\windows\win645F.tmp
    c:\windows\win654B.tmp
    c:\windows\win6661.tmp
    c:\windows\win66E7.tmp
    c:\windows\win6754.tmp
    c:\windows\win675D.tmp
    c:\windows\win6766.tmp
    c:\windows\win67C5.tmp
    c:\windows\win6825.tmp
    c:\windows\win69EB.tmp
    c:\windows\win6A1D.tmp
    c:\windows\win6A42.tmp
    c:\windows\win6B15.tmp
    c:\windows\win6C04.tmp
    c:\windows\win6C5E.tmp
    c:\windows\win6C73.tmp
    c:\windows\win6DDF.tmp
    c:\windows\win6F5D.tmp
    c:\windows\win7019.tmp
    c:\windows\win709D.tmp
    c:\windows\win7189.tmp
    c:\windows\win721B.tmp
    c:\windows\win72BC.tmp
    c:\windows\win738B.tmp
    c:\windows\win739.tmp
    c:\windows\win74E3.tmp
    c:\windows\win75EC.tmp
    c:\windows\win762E.tmp
    c:\windows\win782F.tmp
    c:\windows\win7843.tmp
    c:\windows\win79C4.tmp
    c:\windows\win7A51.tmp
    c:\windows\win7AF6.tmp
    c:\windows\win7B0.tmp
    c:\windows\win7B07.tmp
    c:\windows\win7B0E.tmp
    c:\windows\win7B5C.tmp
    c:\windows\win7B66.tmp
    c:\windows\win7DAC.tmp
    c:\windows\win7DBE.tmp
    c:\windows\win7E02.tmp
    c:\windows\win7EB6.tmp
    c:\windows\win803B.tmp
    c:\windows\win809E.tmp
    c:\windows\win810E.tmp
    c:\windows\win813B.tmp
    c:\windows\win816.tmp
    c:\windows\win83F8.tmp
    c:\windows\win83F9.tmp
    c:\windows\win849C.tmp
    c:\windows\win852A.tmp
    c:\windows\win85BC.tmp
    c:\windows\win85C4.tmp
    c:\windows\win867C.tmp
    c:\windows\win8799.tmp
    c:\windows\win87B9.tmp
    c:\windows\win88D2.tmp
    c:\windows\win899D.tmp
    c:\windows\win89DF.tmp
    c:\windows\win8BC3.tmp
    c:\windows\win8C0F.tmp
    c:\windows\win8E01.tmp
    c:\windows\win8E37.tmp
    c:\windows\win8EA7.tmp
    c:\windows\win8EED.tmp
    c:\windows\win8F99.tmp
    c:\windows\win8FB3.tmp
    c:\windows\win915D.tmp
    c:\windows\win9160.tmp
    c:\windows\win91CD.tmp
    c:\windows\win91E2.tmp
    c:\windows\win926.tmp
    c:\windows\win92E4.tmp
    c:\windows\win944.tmp
    c:\windows\win949.tmp
    c:\windows\win94C7.tmp
    c:\windows\win96E7.tmp
    c:\windows\win97A9.tmp
    c:\windows\win97E7.tmp
    c:\windows\win986C.tmp
    c:\windows\win9929.tmp
    c:\windows\win996D.tmp
    c:\windows\win997.tmp
    c:\windows\win9A1E.tmp
    c:\windows\win9AE5.tmp
    c:\windows\win9C73.tmp
    c:\windows\win9CD1.tmp
    c:\windows\win9D4E.tmp
    c:\windows\win9DC9.tmp
    c:\windows\win9E31.tmp
    c:\windows\win9FCF.tmp
    c:\windows\winA0C4.tmp
    c:\windows\winA1B.tmp
    c:\windows\winA1F7.tmp
    c:\windows\winA210.tmp
    c:\windows\winA238.tmp
    c:\windows\winA286.tmp
    c:\windows\winA2CD.tmp
    c:\windows\winA41F.tmp
    c:\windows\winA501.tmp
    c:\windows\winA52D.tmp
    c:\windows\winA5A2.tmp
    c:\windows\winA5BC.tmp
    c:\windows\winA637.tmp
    c:\windows\winA685.tmp
    c:\windows\winA77C.tmp
    c:\windows\winA8A6.tmp
    c:\windows\winAB3F.tmp
    c:\windows\winAB6A.tmp
    c:\windows\winABC6.tmp
    c:\windows\winAC1B.tmp
    c:\windows\winAC5C.tmp
    c:\windows\winAD0E.tmp
    c:\windows\winAD47.tmp
    c:\windows\winADBF.tmp
    c:\windows\winAE6.tmp
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!explorer.exe
    .
    Infected copy of c:\windows\System32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    .
    Infected copy of c:\windows\System32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    .
    c:\windows\system32\drivers\afd.sys was missing
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!explorer.exe
    Infected copy of c:\windows\System32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    Infected copy of c:\windows\System32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-27 15:48 . 2012-01-27 15:52 -------- d-----w- c:\users\Brent\AppData\Local\temp
    2012-01-27 15:48 . 2012-01-27 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
    2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-01-27 01:50 . 2009-07-23 05:13 306 ----a-w- c:\windows\myClean.bat
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-22 18:46 . 2012-01-25 20:46 -------- d-----w- c:\program files\C4528
    2012-01-22 18:46 . 2012-01-25 20:14 -------- d-----w- c:\users\Brent\AppData\Roaming\AC6C4
    2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-27 15:50 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
    2012-01-26 13:54 . 2012-01-26 13:54 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-12-09 14:34 . 2011-12-09 14:34 0 ----a-w- c:\users\Brent\AppData\Local\BITCE20.tmp
    2011-12-01 17:47 . 2011-12-01 17:47 0 ----a-w- c:\users\Brent\AppData\Local\BIT3EC5.tmp
    2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 05:38 . 2012-01-11 19:59 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
    2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
    2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
    2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
    2011-11-17 05:32 . 2012-01-17 15:23 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 05:29 . 2012-01-17 15:23 22528 ----a-w- c:\windows\system32\lsass.exe
    2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-25 02:31 . 2011-09-26 14:31 44 ------w- c:\program files\d345a5c1.tmp
    2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-05-14 39816]
    "{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    "Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
    "EasyMessage"="c:\program files\Easy Message\em2.exe" [2004-06-27 538624]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    .
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
    S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    uInternet Settings,ProxyServer = http=127.0.0.1:59616
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: apptix.net\mail
    Trusted Zone: collaborationhost.com\vynamic
    Trusted Zone: localima.org\www
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Trusted Zone: tgelite.com\labtech
    TCP: DhcpNameServer = 192.168.1.1
    DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59616
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
    FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(520)
    c:\windows\system32\wvauth.DLL
    .
    - - - - - - - > 'Explorer.exe'(4992)
    c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Epson Software\Event Manager\EEventManager.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\cscript.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-27 11:03:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-27 16:03
    .
    Pre-Run: 76,990,345,216 bytes free
    Post-Run: 77,314,449,408 bytes free
    .
    - - End Of File - - 9701FCA25CB15068E518D6EB05238F7A
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It appears that you may have multiple infections and that they have been on the system for a while.
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.
    =================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure you copy all of the text.
    Code:
    File::
    KillAll::
    c:\users\Brent\AppData\Local\BITCE20.tmp
    c:\users\Brent\AppData\Local\BIT3EC5.tmp
    c:\windows\system32\PerfStringBackup.TMP
    c:\program files\d345a5c1.tmp
    DDS::
    Trusted Zone: apptix.net\mail
    Trusted Zone: collaborationhost.com\vynamic
    Trusted Zone: localima.org\www
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Trusted Zone: tgelite.com\labtech
    mRun: [EasyMessage] c:\program files\easy message\em2.exe
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    SubSystems: Windows = winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    =====================================
    Can you identify any of the following?
    =====================================
    Because of the extent of the infection, I'd like you to run the following:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image: OTL console]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    ==================================
     
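As an added example (not ComboFix's code and not part of the helper's instructions), the Python script below parses the proxy and UAC-policy lines that ComboFix prints in its Supplementary Scan and Reg Loading Points sections and flags the two conditions the reply above deals with: a browser proxied through a loopback listener, and UAC policy values that differ from their Windows 7 defaults. The sample lines are constructed from the log posted earlier in this thread; the ComboFix line formats and the default values are assumptions stated in the comments.

```python
"""Flag browser proxy hijacks and weakened UAC policy in a ComboFix log.

Added example for this thread; not part of ComboFix or of the helper's
procedure. Line formats below are assumed from the log posted above.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the Supplementary Scan and
# policies\system sections of the ComboFix log posted in this thread.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 1
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Assumed ComboFix formats: uInternet Settings = HKCU, mInternet Settings = HKLM.
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$")
POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')

# Windows 7 defaults for the UAC values under policies\system; a value that
# differs is worth reviewing, since rogue installers commonly zero them.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "PromptOnSecureDesktop": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
}


@dataclass
class Finding:
    kind: str    # "ie_proxy", "ff_proxy" or "uac_policy"
    detail: str


def is_local_proxy(host: str) -> bool:
    """True when the proxy host points back at the machine itself.

    A local listener in front of the browser is the classic rogue-AV
    pattern: it can serve fake 'infection' pages and block vendor sites.
    """
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_ie_proxy(value: str) -> dict:
    """Parse 'http=host:port;https=host:port' or 'host:port' into
    {scheme: (host, port)}; a bare host:port applies to all schemes ('*')."""
    out = {}
    for entry in filter(None, value.split(";")):
        scheme, _, hostport = entry.rpartition("=")   # no '=' -> scheme ''
        host, sep, port = hostport.rpartition(":")
        if not sep:                                   # no port given
            host, port = hostport, ""
        out[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return out


def analyze(log_text: str) -> list[Finding]:
    """Return findings for loopback proxies (IE and Firefox) and
    non-default UAC policy values found in the given ComboFix lines."""
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for scheme, (host, port) in parse_ie_proxy(m.group(1)).items():
                if is_local_proxy(host):
                    findings.append(Finding("ie_proxy", f"{scheme} -> {host}:{port}"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_DEFAULTS:
            name, val = m.group(1), int(m.group(2))
            if val != UAC_DEFAULTS[name]:
                findings.append(Finding("uac_policy", f"{name}={val} (default {UAC_DEFAULTS[name]})"))
    # Firefox only honours network.proxy.* hosts when type is 1 (manual).
    if ff_prefs.get("network.proxy.type") == "1":
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = ff_prefs.get(f"network.proxy.{scheme}")
            if host and is_local_proxy(host):
                port = ff_prefs.get(f"network.proxy.{scheme}_port", "?")
                findings.append(Finding("ff_proxy", f"{scheme} -> {host}:{port}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:10s} {f.detail}")
```

Because the Firefox prefs.js entries are only meaningful together, the script collects them first and evaluates them once network.proxy.type is known.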
  13. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Next steps complete

    Thanks, finished doing exactly the steps you requested:

    As for those 6 entries, I do not recognize any of them.

    ComboFix 12-01-26.01 - Brent 01/27/2012 13:38:42.2.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1656 [GMT -5:00]
    Running from: c:\users\Brent\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brent\Desktop\CFScript.txt
    FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\easy message\em2.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-27 18:49 . 2012-01-27 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-27 15:48 . 2012-01-27 18:52 -------- d-----w- c:\users\Brent\AppData\Local\temp
    2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
    2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-01-27 01:50 . 2009-07-23 05:13 306 ----a-w- c:\windows\myClean.bat
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-22 18:46 . 2012-01-25 20:46 -------- d-----w- c:\program files\C4528
    2012-01-22 18:46 . 2012-01-25 20:14 -------- d-----w- c:\users\Brent\AppData\Roaming\AC6C4
    2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-17 15:23 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-17 15:23 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-11 19:59 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-27 18:51 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
    2012-01-26 13:54 . 2012-01-26 13:54 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-12-09 14:34 . 2011-12-09 14:34 0 ----a-w- c:\users\Brent\AppData\Local\BITCE20.tmp
    2011-12-01 17:47 . 2011-12-01 17:47 0 ----a-w- c:\users\Brent\AppData\Local\BIT3EC5.tmp
    2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
    2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
    2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
    2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
    2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-25 02:31 . 2011-09-26 14:31 44 ------w- c:\program files\d345a5c1.tmp
    2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-05-14 39816]
    "{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    "Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    .
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
    S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
    uInternet Settings,ProxyServer = http=127.0.0.1:59616
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59616
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
    FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(528)
    c:\windows\system32\wvauth.DLL
    .
    - - - - - - - > 'Explorer.exe'(3452)
    c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Epson Software\Event Manager\EEventManager.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\windows\system32\igfxext.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
    c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-27 14:03:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-27 19:03
    ComboFix2.txt 2012-01-27 16:03
    .
    Pre-Run: 77,258,399,744 bytes free
    Post-Run: 77,245,448,192 bytes free
    .
    - - End Of File - - 062F2360538DFC767E7D78ECB362461B
     
  14. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    OTL logs

    OTL logfile created on: 1/27/2012 2:05:53 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brent\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 54.01% Memory free
    6.91 Gb Paging File | 5.28 Gb Available in Paging File | 76.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.20 Gb Total Space | 72.01 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
    Drive E: | 489.84 Mb Total Space | 321.47 Mb Free Space | 65.63% Space Free | Partition Type: FAT
    Unable to calculate disk information.

    Computer Name: VYNAMIC040 | User Name: Brent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\LTSvc\LTTray.exe (LabTech Software)
    PRC - C:\Users\Brent\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    PRC - C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Windows\LTSvc\LTSvcMon.exe (LabTech Software)
    PRC - C:\Windows\LTSvc\LTSVC.exe (LabTech Software)
    PRC - C:\Program Files\Yammer\Yammer.exe ()
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
    PRC - C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
    PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
    PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
    PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe (IDT, Inc.)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
    PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
    PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
    PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
    PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    PRC - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
    PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
    PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Windows\System32\SAgent4.exe (SEIKO EPSON CORPORATION)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
    MOD - c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
    MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
    MOD - C:\Program Files\Yammer\Yammer.exe ()
    MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
    MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
    MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
    MOD - C:\Windows\System32\wxvault.dll ()
    MOD - C:\Windows\System32\msjetoledb40.dll ()
    MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\Windows\System32\Wavx_ESC_Logging.dll ()
    MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
    MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
    MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
    MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
    MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
    SRV - (LTSvcMon) -- C:\Windows\LTSvc\LTSvcMon.exe (LabTech Software)
    SRV - (LTService) -- C:\Windows\LTSVC\LTSVC.exe (LabTech Software)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
    SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
    SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
    SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
    SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
    SRV - (buttonsvc32) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
    SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (StatusAgent4) -- C:\Windows\System32\SAgent4.exe (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (rixdpcie) -- C:\Windows\system32\DRIVERS\rixdpe86.sys (REDC)
    DRV - (rimspci) -- C:\Windows\system32\DRIVERS\rimspe86.sys (REDC)
    DRV - (risdpcie) -- C:\Windows\system32\DRIVERS\risdpe86.sys (REDC)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
    DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
    DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
    DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
    DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
    DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
    DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)
    DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59616

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?sourceid=navclient&ie=UTF-8"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.4.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 59616
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Brent\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brent\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brent\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/27 13:24:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 13:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Brent\AppData\Roaming\Move Networks [2009/12/17 21:45:34 | 000,000,000 | ---D | M]

    [2010/12/18 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brent\AppData\Roaming\mozilla\Extensions
    [2012/01/27 13:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brent\AppData\Roaming\mozilla\Firefox\Profiles\bwy2t5l6.default\extensions
    [2011/06/07 15:13:51 | 000,000,000 | ---D | M] (Google Reader Watcher) -- C:\Users\Brent\AppData\Roaming\mozilla\Firefox\Profiles\bwy2t5l6.default\extensions\grwatcher@ajnasz.hu
    [2012/01/27 13:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/20 12:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/14 08:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/10 15:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009/12/17 21:45:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BRENT\APPDATA\ROAMING\MOVE NETWORKS
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2012/01/27 13:51:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - Startup: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tlr.webex.com/client/T26L/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabCCT https://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED}: DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/27 14:04:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brent\Desktop\OTL.exe
    [2012/01/27 13:51:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/27 13:36:39 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/27 13:35:52 | 004,389,542 | R--- | C] (Swearware) -- C:\Users\Brent\Desktop\ComboFix.exe
    [2012/01/27 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/27 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Local\temp
    [2012/01/27 10:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/01/27 09:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/01/26 21:00:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/26 21:00:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/26 21:00:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/26 21:00:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/26 21:00:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/26 08:53:11 | 000,000,000 | ---D | C] -- C:\Users\Brent\Desktop\$PLUGINSDIR
    [2012/01/25 14:53:32 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Roaming\Malwarebytes
    [2012/01/25 14:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/25 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/25 14:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/25 14:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/25 14:50:08 | 000,135,781 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe
    [2012/01/22 13:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\C4528
    [2012/01/22 13:46:14 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Roaming\AC6C4
    [2012/01/18 15:27:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/11/11 20:19:54 | 021,457,192 | ---- | C] (Dell, Inc.) -- C:\Users\Brent\AppData\Roaming\DRVR_WIN_R267814.EXE
    [2 C:\Users\Brent\AppData\Local\*.tmp files -> C:\Users\Brent\AppData\Local\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/27 14:06:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
    [2012/01/27 14:00:52 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/27 14:00:52 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/27 13:54:12 | 000,000,931 | ---- | M] () -- C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
    [2012/01/27 13:51:14 | 000,000,000 | ---- | M] () -- C:\Users\Brent\AppData\Local\WavXMapDrive.bat
    [2012/01/27 13:51:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/27 13:50:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/27 13:50:27 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/01/27 13:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/27 13:50:16 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/27 13:32:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brent\Desktop\OTL.exe
    [2012/01/27 13:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/27 12:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
    [2012/01/26 09:33:06 | 004,389,542 | R--- | M] (Swearware) -- C:\Users\Brent\Desktop\ComboFix.exe
    [2012/01/25 14:53:21 | 000,001,097 | ---- | M] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/25 14:53:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/25 14:50:09 | 000,135,781 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe
    [2012/01/25 13:03:05 | 483,553,789 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/25 10:53:05 | 000,000,679 | ---- | M] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/23 21:07:51 | 000,002,407 | ---- | M] () -- C:\Users\Brent\Desktop\Google Chrome.lnk
    [2012/01/22 14:10:34 | 000,001,472 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/11 15:02:31 | 000,663,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/11 15:02:31 | 000,122,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/02 08:24:24 | 000,001,003 | ---- | M] () -- C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/01/02 08:24:23 | 000,001,023 | ---- | M] () -- C:\Users\Brent\Desktop\Dropbox.lnk
    [2012/01/02 08:07:26 | 000,431,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2 C:\Users\Brent\AppData\Local\*.tmp files -> C:\Users\Brent\AppData\Local\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

  15. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    More OTL logs

    ========== Files Created - No Company Name ==========

    [2012/01/26 21:00:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/26 21:00:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/26 21:00:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/26 21:00:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/26 21:00:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/26 20:50:55 | 000,000,306 | ---- | C] () -- C:\Windows\myClean.bat
    [2012/01/26 17:36:42 | 000,002,653 | ---- | C] () -- C:\Users\Public\Desktop\TrueKat Show.lnk
    [2012/01/26 17:36:42 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/01/26 17:36:42 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/26 17:36:42 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
    [2012/01/26 17:36:42 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 610 Info Center.lnk
    [2012/01/26 17:36:42 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2012/01/26 17:36:42 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Yammer.lnk
    [2012/01/26 17:36:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression for Kodak.lnk
    [2012/01/26 17:36:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Kodak zi8 Camera.lnk
    [2012/01/26 17:36:41 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Maxtor Manager.lnk
    [2012/01/26 17:36:41 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/26 17:36:41 | 000,001,584 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2012/01/26 17:36:41 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\MapPI v4.4.lnk
    [2012/01/26 17:36:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
    [2012/01/26 17:36:40 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/26 17:36:40 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
    [2012/01/26 17:36:40 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\GPScraper 2011.lnk
    [2012/01/26 17:36:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2012/01/26 17:36:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\FB Leads Maker.lnk
    [2012/01/26 17:36:40 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2012/01/26 17:36:38 | 000,002,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
    [2012/01/26 17:36:38 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2012/01/26 17:36:38 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/01/26 17:36:38 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/01/26 17:36:14 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
    [2012/01/26 17:36:14 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2012/01/26 17:36:14 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/01/26 17:36:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/01/26 17:36:14 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/26 17:36:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/01/26 17:36:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/01/26 17:36:14 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
    [2012/01/26 17:36:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/01/26 17:36:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/01/26 17:36:14 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
    [2012/01/26 17:36:14 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
    [2012/01/26 17:36:14 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domain Samurai.lnk
    [2012/01/26 17:36:14 | 000,000,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yammer.lnk
    [2012/01/26 17:36:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/26 17:36:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
    [2012/01/26 17:36:13 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
    [2012/01/26 17:36:13 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    [2012/01/26 17:36:13 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CherryPicker.lnk
    [2012/01/25 16:48:17 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2012/01/25 14:53:21 | 000,001,097 | ---- | C] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/25 14:53:20 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/25 11:16:50 | 000,001,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
    [2012/01/25 10:53:05 | 000,000,679 | ---- | C] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/19 09:01:27 | 000,007,601 | ---- | C] () -- C:\Users\Brent\AppData\Local\Resmon.ResmonCfg
    [2011/12/09 09:34:17 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\{2C032905-C0CB-4459-8AA3-F5B10B1B217A}
    [2011/12/01 12:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\{6172FEA0-F9FC-4AC4-B9C8-185DA1FE33AC}
    [2011/11/27 14:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2011/11/15 15:26:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/11/15 11:43:44 | 000,200,908 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/10/22 08:44:41 | 000,001,472 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/05/14 16:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/04/28 14:52:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/02/01 19:43:50 | 000,000,434 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2010/01/13 15:39:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/02 16:29:56 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/01/02 16:29:56 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/01/02 16:29:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/01/02 16:29:56 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/01/02 16:29:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/01/02 16:29:56 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/01/02 16:29:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/01/02 16:29:56 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/01/02 16:29:56 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/01/02 16:29:56 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/01/02 16:29:56 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/01/02 16:29:56 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/01/02 16:29:56 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/01/02 16:29:56 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/01/02 16:29:56 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/01/02 16:29:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/01/02 16:28:29 | 000,000,089 | ---- | C] () -- C:\Windows\EPWF610.ini
    [2009/12/13 15:00:59 | 000,038,456 | ---- | C] () -- C:\Users\Brent\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2009/12/10 18:49:40 | 000,002,638 | ---- | C] () -- C:\Users\Brent\AppData\Roaming\ACT_23615883.prf
    [2009/12/05 12:16:36 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\WavXMapDrive.bat
    [2009/11/25 19:03:16 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2009/11/25 19:03:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/11/25 19:03:15 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
    [2009/11/25 19:03:15 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2009/11/25 19:03:14 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2009/11/25 17:23:49 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2009/11/25 17:23:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2009/11/25 17:20:20 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
    [2009/11/25 17:18:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/27 13:15:32 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,431,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,663,222 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,122,058 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/06/05 16:41:18 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
    [2009/06/05 16:41:18 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
    [2009/06/05 16:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
    [2009/06/05 16:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
    [2009/06/05 16:41:16 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
    [2009/06/05 16:41:14 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
    [2009/06/05 16:41:14 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
    [2009/06/05 16:41:12 | 000,581,632 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
    [2009/06/05 16:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
    [2009/06/05 16:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
    [2009/06/05 16:41:10 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
    [2009/06/05 16:41:10 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll
    [2009/06/05 16:41:10 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
    [2009/06/05 16:41:08 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
    [2009/06/05 16:41:08 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
    [2009/06/05 16:41:08 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
    [2009/06/05 16:41:06 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll
    [2009/06/05 16:41:06 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll
    [2009/06/05 16:41:04 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll
    [2009/06/05 16:41:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll
    [2009/06/05 16:41:04 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll
    [2009/06/05 16:41:04 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll
    [2009/06/05 16:41:02 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll
    [2009/06/05 16:41:00 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll
    [2009/06/05 16:31:18 | 000,561,152 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
    [2009/06/03 14:08:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
    [2009/06/03 14:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
    [2009/06/03 14:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
    [2009/06/03 14:08:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
    [2009/06/03 14:08:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
    [2009/06/03 14:08:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
    [2009/06/03 14:08:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
    [2009/06/03 14:08:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
    [2009/06/03 14:08:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
    [2009/06/03 14:08:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
    [2009/06/03 14:08:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
    [2009/06/03 14:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
    [2009/06/03 14:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
    [2009/06/03 14:08:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
    [2009/06/03 14:08:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
    [2009/06/03 14:08:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
    [2009/06/03 14:08:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
    [2009/06/03 14:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
    [2009/06/03 14:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
    [2009/06/03 14:08:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
    [2009/06/03 14:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
    [2009/06/03 14:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
    [2009/06/03 14:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
    [2009/06/03 14:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
    [2009/06/03 13:07:50 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
    [2009/05/05 11:34:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
    [2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
    [2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
    [2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll
    [2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
    [2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

    ========== LOP Check ==========

    [2012/01/25 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\AC6C4
    [2010/03/09 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\acccore
    [2011/01/02 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\AnvSoft
    [2011/02/14 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Auto Click Profits
    [2010/10/06 16:08:29 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Blackberry Desktop
    [2009/12/05 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Broadcom
    [2010/07/21 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\CherryPickerLive
    [2012/01/13 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\CoreFTP
    [2010/04/02 11:39:48 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2012/01/27 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Dropbox
    [2010/08/24 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Epson
    [2011/09/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\FileZilla
    [2011/10/26 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\GPScraper
    [2011/05/13 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\GPScraper.com
    [2011/05/14 11:43:59 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\gtk-2.0
    [2010/01/02 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Leadertech
    [2010/02/22 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2011/05/11 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Notepad++
    [2010/03/21 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Nvu
    [2010/10/06 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Research In Motion
    [2011/06/10 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Software Defender
    [2010/03/09 10:07:43 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Trillian
    [2009/12/05 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Wave Systems Corp
    [2010/11/09 14:06:57 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\webex
    [2011/09/07 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Yammer
    [2012/01/27 09:59:46 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2012/01/25 14:50:09 | 000,135,781 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe


    < MD5 for: EXPLORER.EXE >
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
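The main OTL log above ends with the "MD5 for:" custom scans, and the Extras log that follows lists the "Shell Spawning" launch commands. Both are baseline comparisons: a live copy of explorer.exe, userinit.exe or winlogon.exe should hash to the same value as one of the component-store copies under C:\Windows\winsxs, and the exefile/batfile/cmdfile/comfile/piffile "open" commands should still read "%1" %*, because fake-AV families like this one hijack those so every program launch runs the malware first. The script below is an added example, not part of the thread or of OTL; it parses those two report sections and prints the deviations. The clean sample is excerpted from the logs posted here; the hijacked sample, its all-zero hash and the C:\ProgramData\hijack-example.exe path are constructed placeholders, and the expected commands are the stock Windows 7 values.

```python
import re
from collections import defaultdict

# OTL file line with a hash, e.g.
# [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88... -- C:\Windows\explorer.exe
MD5_LINE = re.compile(
    r"^\s*\[[^\]]*\]\s\((?P<company>[^)]*)\)\sMD5=(?P<md5>[0-9A-F]{32})\s--\s(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
MD5_HEADER = re.compile(r"^\s*<\sMD5 for:\s(?P<name>[^\s>]+)\s>\s*$", re.IGNORECASE)
# Shell Spawning line, e.g.  exefile [open] -- "%1" %*
SHELL_LINE = re.compile(r"^\s*(?P<cls>\w+)\s\[(?P<verb>\w+)\]\s--\s(?P<cmd>.+?)\s*$")

# Stock Windows 7 launch commands for the executable file classes (assumed baseline).
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def parse_md5_sections(text):
    """Return {binary_name: [(path, md5, company), ...]} from '< MD5 for: X >' blocks."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        hdr = MD5_HEADER.match(line)
        if hdr:
            current = hdr.group("name").lower()
            continue
        if line.strip().startswith(("<", "==========")):
            current = None  # any other scan header ends the block
            continue
        m = MD5_LINE.match(line)
        if current and m:
            sections[current].append((m.group("path"), m.group("md5").upper(), m.group("company")))
    return dict(sections)


def _location(path):
    """Classify a copy: component store, live system copy, or somewhere else."""
    parent, _, _name = path.lower().rpartition("\\")
    if parent.startswith("c:\\windows\\winsxs\\"):
        return "store"
    if parent in ("c:\\windows", "c:\\windows\\system32"):
        return "live"
    return "other"


def check_system_binaries(text):
    """Flag live copies whose MD5 matches no winsxs component-store copy."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        store = {md5 for path, md5, _ in entries if _location(path) == "store"}
        for path, md5, company in entries:
            if _location(path) != "live":
                continue
            if md5 not in store:
                findings.append(f"{name}: live copy {path} MD5 {md5} matches no winsxs copy")
            elif not company:
                findings.append(f"{name}: live copy {path} carries no company/version info")
    return findings


def check_shell_spawning(text):
    """Flag executable file classes whose launch command is not the stock one."""
    findings = []
    for line in text.splitlines():
        m = SHELL_LINE.match(line)
        if not m:
            continue
        key = (m.group("cls").lower(), m.group("verb").lower())
        expected = EXPECTED_SHELL.get(key)
        if expected is not None and m.group("cmd") != expected:
            findings.append(f"{key[0]} [{key[1]}] hijacked: {m.group('cmd')!r} (expected {expected!r})")
    return findings


def triage(text):
    return check_system_binaries(text) + check_shell_spawning(text)


# Excerpted from the OTL logs posted in this thread: matching hashes, stock commands.
CLEAN_EXCERPT = r"""
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
"""

# Constructed sample (not from the thread): a replaced winlogon.exe with no version
# info and an exefile hijack. The zero hash and the hijack path are placeholders.
HIJACKED_SAMPLE = r"""
< MD5 for: WINLOGON.EXE >
[2012/01/20 03:11:08 | 000,286,720 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

========== Shell Spawning ==========

exefile [open] -- "C:\ProgramData\hijack-example.exe" -a "%1" %*
batfile [open] -- "%1" %*
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_EXCERPT), ("hijacked", HIJACKED_SAMPLE)):
        print(label, triage(sample) or "no findings")
```

The winsxs comparison only works for names OTL was asked to hash (here explorer.exe, userinit.exe and winlogon.exe), and a live copy that matches a store copy is not proof of integrity on a machine with a known driver infection (afd.sys was already quarantined above); it rules out the cheapest form of tampering, nothing more. Copies under ERDNT\cache or under a security tool's own folder, such as the Chameleon winlogon.exe in the log, are deliberately left out of the live-copy check.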
  16. bdawkins94


    Extras log

    OTL Extras logfile created on: 1/27/2012 2:05:54 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brent\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 54.01% Memory free
    6.91 Gb Paging File | 5.28 Gb Available in Paging File | 76.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.20 Gb Total Space | 72.01 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
    Drive E: | 489.84 Mb Total Space | 321.47 Mb Free Space | 65.63% Space Free | Partition Type: FAT
    Unable to calculate disk information.

    Computer Name: VYNAMIC040 | User Name: Brent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
    "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{195F69A5-A4A0-421C-AC4B-2B2471C34037}" = VZAccess Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
    "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
    "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
    "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
    "{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{2EC50DB6-D8C2-4BBD-833A-942FCE58B71B}_is1" = FB Leads Maker version 1.1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
    "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
    "{38536E0D-4F6F-2856-3237-53D8530A332C}" = Yammer
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{53EB2E32-9248-4001-866A-EA5543195B14}_is1" = Auto Click Profits 1.0.0
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
    "{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
    "{5E71355B-A8DB-5291-BDF7-872A2109AC6B}" = Market Samurai
    "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BC271BA-C4ED-4BDA-8D80-437C0919F3E6}" = Verizon Wireless MiFi-2200 Firmware Updates
    "{6CFF5E43-FDDA-CCCE-8D1F-3BA9F4BA6410}" = Domain Samurai
    "{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73526D5A-2468-4C3F-838E-829644A32259}" = NicheSensei
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{742F404D-6C21-41B1-AA94-DFEDA68C53A8}" = GPScraper 2011
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
    "{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
    "{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
    "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B7CF713-805E-420A-9289-4F2ED155923E}_is1" = Tweet Siphon 1.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    "{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-1033-F400-BA7E-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
    "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C15DFAE3-5B48-48DF-B889-21441333CC22}" = TrueKat Show
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
    "{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak
    "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D416328F-D3ED-4DFD-A8E0-C31466E8E039}" = Tube Toolbox
    "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
    "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
    "{DCC8DA46-5386-1941-7065-3FDB3C7BD0F6}" = CherryPicker
    "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{E8951905-B0E2-46E3-8881-5C20EAE8B00B}" = GPScraper 2011
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{ED481F57-C329-46DB-949F-F24811C13904}" = YPScraper
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FA56E1F9-7269-4383-BAE8-A2FF7097C4B5}_is1" = MapPI v4.4 version 4.4
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "7-Zip" = 7-Zip 4.65
    "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AI RoboForm" = AI RoboForm (All Users)
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface Service
    "Any Video Converter_is1" = Any Video Converter 3.1.7
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "Belarc Advisor" = Belarc Advisor 8.1
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "CherryPickerLive" = CherryPicker
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
    "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
    "DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
    "Facebook FriendAdder" = Facebook FriendAdder
    "Golf Solitaire_is1" = Golf Solitaire 1.1.0
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "Notepad++" = Notepad++
    "Nvu_is1" = Nvu 1.0PR
    "Picasa 3" = Picasa 3
    "PingPlotter Standard" = PingPlotter Standard 3.30.4s
    "PRJSTD" = Microsoft Office Project Standard 2007
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Quick Search Box" = Google Quick Search Box
    "Sierra Utilities" = Sierra Utilities
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Trillian" = Trillian
    "TVWiz" = Intel(R) TV Wizard
    "Underachiever Secrets_is1" = Underachiever Secrets
    "VISSTD" = Microsoft Office Visio Standard 2007
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Yammer" = Yammer

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.1.0.880
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/27/2012 2:51:29 PM | Computer Name = Vynamic040 | Source = Wave TCG Client Services | ID = 123
    Description = The NTRU TSS is not running, Wave Software is unable to communicate
    to TPM

    [ System Events ]
    Error - 1/27/2012 2:38:10 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/27/2012 2:38:14 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/27/2012 2:43:59 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/27/2012 2:50:27 PM | Computer Name = Vynamic040 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:49:39 PM on 1/27/2012 was unexpected.

    Error - 1/27/2012 2:50:33 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 1/27/2012 2:50:35 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 1/27/2012 2:50:58 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7034
    Description = The SQL Server VSS Writer service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 1/27/2012 2:50:59 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 1/27/2012 2:56:02 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 1/27/2012 2:56:13 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.


    < End of report >
     
  17. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Is it looking any better after this last round?

    Hey Bobbye, whenever you check this thread again, I just wanted to ask a follow-up question. In your last reply, you mentioned I had multiple infections that have been here a while, and I guess I just did not see the effects of them until I got the System Check malware infection. How can I check for these things in the future if I don't see symptoms?

    Thanks for all of your help! I am truly grateful.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are welcome - I'm glad to help. We'll talk about having layers of security to help prevent the malware, and I will give you suggestions and links. As part of that, I want to check the following:

    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.

    I hope to get a better idea of just what McAfee you have. I note you're running McAfee® Security-as-a-Service (SaaS), which was in Beta testing, then in Trial, but no dates for final release were available; it appears to be a Beta program. This is *Not compatible with McAfee Firewall Protection* per McAfee. But the Combofix header shows SaaS FW: McAfee® Security-as-a-Service *Enabled*. I see you also show McAfee Security Scan Plus installed.
    ========================================
    One of the Services is usually damaged by this infection, so let's check them:

    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    =======================================
    I have some script set up for you to run in Combofix also:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\myClean.bat
    c:\windows\system32\PerfStringBackup.TMP
    c:\users\Brent\AppData\Local\BITCE20.tmp
    c:\users\Brent\AppData\Local\BIT3EC5.tmp
    c:\program files\d345a5c1.tmp
    DDS::
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    uInternet Settings,ProxyServer = http=127.0.0.1:59616
    mRun: [EasyMessage] c:\program files\easy message\em2.exe
    FileLook::
    c:\windows\system32\lsasrv.dll
    c:\windows\system32\lsass.exe
    Folder::
    c:\users\Default\AppData\Local\temp
    c:\users\Brent\AppData\Local\temp
    c:\program files\C4528
    c:\users\Brent\AppData\Roaming\AC6C4
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6, \
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6, \
    
    Registry::
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Logs in next reply please.
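To make the log sections in this thread actionable, here is an added example in Python (not from this thread, nor from OTL, DDS or ComboFix): it parses the `[HKEY_...]` / `"Name" = value` layout OTL uses for its Security Center and Firewall Settings sections, plus the `uInternet Settings,ProxyServer = ...` lines of a DDS block, and flags a firewall profile switched off, silenced notifications, and a ProxyServer pointing at loopback (the entry the CFScript above clears). The sample log embedded in it is constructed, with values modelled on this thread rather than copied from it.

```python
r"""Flag weak security settings in OTL / DDS-style log lines (added example).

Parses the '[HKEY_...]' / '"Name" = value' layout of OTL's Security Center and
Firewall sections and the 'uInternet Settings,ProxyServer = ...' DDS lines.
"""
import re
from ipaddress import ip_address

# Constructed sample, modelled on the thread's logs rather than copied from them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')              # "Name" = value
DDS_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")


def parse_registry_values(lines):
    """Yield (key_path, value_name, value) from OTL's registry dump layout."""
    current_key = None
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            yield current_key, m.group(1), m.group(2).strip()


def proxy_hosts(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...')."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                                # drop the 'http=' scheme prefix
            entry = entry.split("=", 1)[1]
        if entry.endswith("]") or ":" not in entry:     # bare host, no port
            host, port = entry, ""
        else:
            host, _, port = entry.rpartition(":")
        hosts.append((host, port))
    return hosts


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets on IPv6 tolerated)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_log(text):
    """Return (finding, detail) tuples for the weak states found in the log text."""
    findings = []
    lines = text.splitlines()
    for key, name, value in parse_registry_values(lines):
        leaf = key.rsplit("\\", 1)[-1]                  # e.g. 'StandardProfile'
        if key.endswith("\\Security Center") and name.endswith("DisableNotify") and value == "1":
            findings.append(("security_center_notify_off", name))   # Security Center muted
        elif "FirewallPolicy" in key and name == "EnableFirewall" and value == "0":
            findings.append(("firewall_disabled", leaf))           # profile firewall off
        elif "FirewallPolicy" in key and name == "DisableNotifications" and value == "1":
            findings.append(("firewall_notify_off", leaf))
    for line in lines:
        m = DDS_RE.match(line.strip())
        if m and m.group(1) == "ProxyServer":
            for host, port in proxy_hosts(m.group(2)):
                if is_loopback(host):                   # browser routed through a local process
                    findings.append(("loopback_proxy", f"{host}:{port}" if port else host))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_log(SAMPLE_LOG):
        print(f"{finding:28} {detail}")
```

Run it against a saved OTL.txt plus the DDS lines to get the same flags the helper reads off by eye; any `firewall_disabled` or `loopback_proxy` hit is worth re-checking after cleanup.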
     
  19. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Next round of logs

    ComboFix 12-01-26.01 - Brent 01/30/2012 20:32:53.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1954 [GMT -5:00]
    Running from: c:\users\Brent\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brent\Desktop\CFScript.txt.txt
    FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    * Created a new restore point
    .
    FILE ::
    "c:\program files\d345a5c1.tmp"
    "c:\users\Brent\AppData\Local\BIT3EC5.tmp"
    "c:\users\Brent\AppData\Local\BITCE20.tmp"
    "c:\windows\myClean.bat"
    "c:\windows\system32\PerfStringBackup.TMP"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\C4528
    c:\program files\C4528\lvvmu.exe
    c:\program files\d345a5c1.tmp
    c:\users\Brent\AppData\Local\BIT3EC5.tmp
    c:\users\Brent\AppData\Local\BITCE20.tmp
    c:\users\Brent\AppData\Local\temp\~DF283728F393B31DF5.TMP
    c:\users\Brent\AppData\Local\temp\~DF3747C31EB465E265.TMP
    c:\users\Brent\AppData\Local\temp\~DFE5759C72A59B6EAC.TMP
    c:\users\Brent\AppData\Local\temp\A9RF8CD.tmp
    c:\users\Brent\AppData\Local\temp\alm.log
    c:\users\Brent\AppData\Local\temp\amt.log
    c:\users\Brent\AppData\Local\temp\catchme.dll
    c:\users\Brent\AppData\Local\temp\citrixlogs\G2MInst.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MIMessenger_g2mlauncher.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MIMessenger_skype.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MOutlookAddin.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MOutlookAddin_util.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\log13FC.tmp\G2MStart.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\log13FC.tmp\GoToMeeting_00.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MIMessenger_g2mlauncher.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MOutlookAddin.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MOutlookAddin_util.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\G2MStart-running-80c.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\G2MStart.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\GoToMeeting_00.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\880\logE0FA.tmp\G2MStart-running-2210.log
    c:\users\Brent\AppData\Local\temp\citrixlogs\queue.xml
    c:\users\Brent\AppData\Local\temp\ExchangePerflog_8484fa31880a91a4e52d0f01.dat
    c:\users\Brent\AppData\Local\temp\FXSAPIDebugLogFile.txt
    c:\users\Brent\AppData\Local\temp\GoogleQuickSearchBox.log
    c:\users\Brent\AppData\Local\temp\msohtmlclip1\01\clip_colorschememapping.xml
    c:\users\Brent\AppData\Local\temp\msohtmlclip1\01\clip_themedata.thmx
    c:\users\Brent\AppData\Local\temp\qtsingleapp-camera-a689-1-lockfile
    c:\users\Brent\AppData\Local\temp\qtsingleapp-lwsexe-d03c-1-lockfile
    c:\users\Brent\AppData\Roaming\AC6C4
    c:\users\Brent\AppData\Roaming\AC6C4\4528.C6C
    c:\users\Brent\g2mdlhlpx.exe
    c:\users\Default\AppData\Local\temp
    c:\windows\myClean.bat
    c:\windows\system32\PerfStringBackup.TMP
    c:\users\Brent\AppData\Local\temp . . . . Failed to delete
    c:\users\Brent\AppData\Local\temp\LTTray.dat . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-27 15:48 . 2012-01-31 01:47 -------- d-----w- c:\users\Brent\AppData\Local\temp
    2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
    2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 01:45 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
    2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 05:38 . 2012-01-11 19:59 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
    2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
    2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
    2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
    2011-11-17 05:32 . 2012-01-17 15:23 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 05:29 . 2012-01-17 15:23 22528 ----a-w- c:\windows\system32\lsass.exe
    2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\lsasrv.dll ---
    Company: Microsoft Corporation
    File Description: LSA Server DLL
    File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: lsasrv.dll.mui
    File size: 1038848
    Created time: 2012-01-17 15:23
    Modified time: 2011-11-17 05:32
    MD5: C95CA687D32DDAB1C91E1122E80D5E16
    SHA1: 112E21A659C80EC12F42CE105D770D366ADDDBBA
    .
    .
    --- c:\windows\system32\lsass.exe ---
    Company: Microsoft Corporation
    File Description: Local Security Authority Process
    File Version: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: lsass.exe
    File size: 22528
    Created time: 2012-01-17 15:23
    Modified time: 2011-11-17 05:29
    MD5: 81951F51E318AECC2D68559E47485CC4
    SHA1: D49245356DD4DC5E8F64037E4DC385355882A340
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-05-31 39816]
    "{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    "Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    .
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
    S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: tgelite.com\labtech
    TCP: DhcpNameServer = 192.168.1.1
    DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 59616
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
    FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(532)
    c:\windows\system32\wvauth.DLL
    .
    - - - - - - - > 'Explorer.exe'(7992)
    c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\Epson Software\Event Manager\EEventManager.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe
    c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\RunDll32.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-30 20:58:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-31 01:58
    ComboFix2.txt 2012-01-27 19:03
    ComboFix3.txt 2012-01-27 16:03
    .
    Pre-Run: 78,427,914,240 bytes free
    Post-Run: 78,379,073,536 bytes free
    .
    - - End Of File - - 05E37F0823EE68513953902EEAC68359
     
  20. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Brent (administrator) on 30-01-2012 at 20:26:42
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys
    [2012-01-27 10:47] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Results of screen317's Security Check version 0.99.30
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 26
    Java version out of date!
    Mozilla Firefox (3.6.17) Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  21. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Ready for next round

    Did any of that help? Should I re-install McAfee S-a-a-S or something else?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    For any of the scans where you are instructed to disable your security software, you are also told to re-enable it when the scan is finished.

    It would be helpful if you told me what problems have been resolved and what, if any, remain.
    =========================================
    OTL Custom Scan Fixes

    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59616
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.4.1
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - prefs.js..network.proxy.http_port: 59616
      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
      [2010/12/20 12:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
      [2011/03/14 08:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      [2011/07/10 15:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: CabCCT https://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED}: DhcpNameServer = 10.232.53.29
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      [2012/01/26 20:50:55 | 000,000,306 | ---- | C] () -- C:\Windows\myClean.bat
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      Folder [explore] -- Reg Error: Value error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" = Reg Error: Unknown registry data type -- File not found
      
      :Files
      
      :Commands
      [purity]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  23. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    Errors

    I ran this code in OTL but it keeps hanging with this line showing:

    Processing Registry data helpfile [open]--Reg Key error...

    Not sure what to do.

    Thanks,
    Brent
     
  24. bdawkins94

    bdawkins94 TS Rookie Topic Starter Posts: 22

    ComboFix Results

    Something weird popped up, a "System Check" type window, so I killed it using Task Manager and it did not come back. I ran ComboFix so I could show you any recent files that have been on my machine; a few look concerning.

    I hope this helps. Thanks.

    =======================

    ComboFix 12-01-26.01 - Brent 02/04/2012 18:40:19.4.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2390 [GMT -5:00]
    Running from: c:\users\Brent\Desktop\ComboFix.exe
    FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-04 23:41 . 2012-02-04 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-04 20:57 . 2012-02-04 20:57 -------- d-----w- C:\_OTL
    2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\bgogcmym.exe
    2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\utmcwk.exe
    2012-02-02 00:33 . 2012-02-02 17:19 60304 ----a-w- c:\users\Brent\g2mdlhlpx.exe
    2012-01-27 15:48 . 2012-02-04 23:42 -------- d-----w- c:\users\Brent\AppData\Local\temp
    2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
    2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
    2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
    2012-01-17 15:23 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-17 15:23 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-17 15:23 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-17 15:23 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-17 15:23 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-17 15:23 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-17 15:23 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-11 19:59 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 19:59 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 19:58 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 19:58 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 01:45 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
    2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-05-31 39816]
    "{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    "Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
    "WorkForce 610(Network)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE" [2009-01-26 199680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
    .
    c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
    S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
    .
    2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
    - c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: tgelite.com\labtech
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
    FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port -
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(532)
    c:\windows\system32\wvauth.DLL
    .
    - - - - - - - > 'Explorer.exe'(336)
    c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    Completion time: 2012-02-04 18:44:03
    ComboFix-quarantined-files.txt 2012-02-04 23:44
    ComboFix2.txt 2012-01-31 01:58
    ComboFix3.txt 2012-01-27 19:03
    ComboFix4.txt 2012-01-27 16:03
    .
    Pre-Run: 80,890,531,840 bytes free
    Post-Run: 80,738,213,888 bytes free
    .
    - - End Of File - - A7211E20B0CF5DA0A9986BD5E9034FEA
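As an added triage example (my code, not the poster's or the ComboFix project's), the script below parses a constructed excerpt of the log above and flags what a reviewer would look at first: executables created under user-writable paths, files dropped in the same minute with identical size (the two 323072-byte files in AppData\Local), and the policy values showing UAC and automatic updates switched off. The line regexes, the user-writable path rule and the weak-policy table are my assumptions about ComboFix's output format.

```python
import re

# Constructed excerpt modelled on the ComboFix log above (sample input, not the full log).
SAMPLE_LOG = r"""
2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\bgogcmym.exe
2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\utmcwk.exe
2012-02-02 00:33 . 2012-02-02 17:19 60304 ----a-w- c:\users\Brent\g2mdlhlpx.exe
2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
"""

# "created . modified size attrs path" lines of the Files Created / Find3M sections (assumed format)
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+|-{8}) (\S{8}) (.+)$")
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-f]+\)$', re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd")
# Locations a standard user can write to; ComboFix prints paths with a lower-case drive letter
USER_WRITABLE = re.compile(r"^c:\\(users\\[^\\]+|programdata)\\", re.I)
# Hardening values that rogue "system check" style infections commonly flip (assumed table)
WEAK_POLICY = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "NoAutoUpdate": "1"}

def parse_entries(log_text):
    """Return file/directory entries as dicts; divider and registry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({"created": created, "modified": modified, "path": path,
                            "size": None if size.startswith("-") else int(size),
                            "is_dir": attrs.startswith("d")})
    return entries

def suspicious_files(entries):
    """Executables created where a standard user can write: review candidates, not verdicts."""
    return [e for e in entries
            if not e["is_dir"] and e["path"].lower().endswith(EXEC_EXT)
            and USER_WRITABLE.match(e["path"])]

def same_size_clusters(entries):
    """Review candidates created in the same minute with identical size (dropper self-copies)."""
    groups = {}
    for e in suspicious_files(entries):
        groups.setdefault((e["created"], e["size"]), []).append(e["path"])
    return [paths for paths in groups.values() if len(paths) > 1]

def weak_policies(log_text):
    """Policy values in the log that equal a known-weak setting."""
    found = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m and WEAK_POLICY.get(m.group(1)) == m.group(2):
            found[m.group(1)] = m.group(2)
    return found

def triage(log_text):
    entries = parse_entries(log_text)
    return {"review": [e["path"] for e in suspicious_files(entries)],
            "clusters": same_size_clusters(entries),
            "weak_policies": weak_policies(log_text)}
```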
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix ran in Reduced Functionality Mode. Did you get a screen like this when you ran it the last time?

    From Microsoft:
    So something must need to be reactivated. There is still malware on the system, but we need to find the activation problem and fix it before trying to run more script in Combofix.

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows, to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     