Another case of System Check malware


bdawkins94

Hello,

I was recently affected by the System Check malware and have followed your instructions for steps 1-5.

Here are the log files:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Brent :: VYNAMIC040 [administrator]

Protection: Enabled

1/25/2012 2:54:49 PM
mbam-log-2012-01-25 (14-54-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217681
Time elapsed: 1 hour(s), 10 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\ProgramData\vjFDrMidYFj.exe (Trojan.FakeAlert) -> 5040 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vjFDrMidYFj.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vjFDrMidYFj.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\vjFDrMidYFj.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\users\brent\appdata\roaming\ac6c4\777ee.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

(end)
 
Logs too large

============== Running Processes ===============

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Windows\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\LTSVC\LTSVC.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\SAgent4.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\net.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe
C:\Users\Brent\Desktop\gmer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\system32\blank.htm
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110913132222.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S10FF.tmp" /EF "HKCU"
uRun: [{E8951905-B0E2-46E3-8881-5C20EAE8B00B}] c:\windows\system32\msiexec.exe /cmdloc "hkcu\software\gpscraper.com aitemp\{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"
uRun: [Google Update] "c:\users\brent\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Akamai NetSession Interface] "c:\users\brent\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EasyMessage] c:\program files\easy message\em2.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: apptix.net\mail
Trusted Zone: collaborationhost.com\vynamic
Trusted Zone: localima.org\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: tgelite.com\labtech
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED} : DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\249627B64616C65602055726C69636 : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\D697071627B6 : DhcpNameServer = 192.168.16.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
SubSystems: Windows = winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

================= FIREFOX ===================

FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\brent\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\brent\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\brent\appdata\roaming\Move Networks
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2012-01-25 20:17:13 851 ----a-w- c:\programdata\yibrfaa.tmp
2012-01-25 20:17:07 854 ----a-w- c:\programdata\xibrfaa.tmp
2012-01-25 20:17:02 791 ----a-w- c:\programdata\wibrfaa.tmp
2012-01-25 20:16:57 847 ----a-w- c:\programdata\vibrfaa.tmp
2012-01-25 20:14:13 829 ----a-w- c:\programdata\rekuaaa.tmp
2012-01-25 20:09:18 838 ----a-w- c:\programdata\bdfqaaa.tmp
2012-01-25 20:08:45 818 ----a-w- c:\programdata\cdfqaaa.tmp
2012-01-25 20:08:12 808 ----a-w- c:\programdata\ckjlaaa.tmp
2012-01-25 20:04:12 850 ----a-w- c:\programdata\zcfqaaa.tmp
2012-01-25 20:01:55 839 ----a-w- c:\programdata\bkjlaaa.tmp
2012-01-25 19:53:32 -------- d-----w- c:\users\brent\appdata\roaming\Malwarebytes
2012-01-25 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50:08 135781 ---ha-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-25 19:50:08 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
2012-01-25 19:50:08 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
2012-01-25 19:21:36 896 ----a-w- c:\programdata\dkjlaaa.tmp
2012-01-25 19:21:34 829 ----a-w- c:\programdata\adfqaaa.tmp
2012-01-25 19:21:24 831 ----a-w- c:\programdata\ycfqaaa.tmp
2012-01-25 19:21:21 880 ----a-w- c:\programdata\akjlaaa.tmp
2012-01-25 19:20:41 836 ----a-w- c:\programdata\ekjlaaa.tmp
2012-01-25 15:52:48 351992 ---ha-w- c:\programdata\oTEgArsEo7ELIu.exe
2012-01-25 15:27:44 818 ---ha-w- c:\programdata\zqeliaa.tmp
2012-01-25 15:10:19 814 ---ha-w- c:\programdata\breliaa.tmp
2012-01-25 14:48:30 834 ---ha-w- c:\programdata\mdcagaa.tmp
2012-01-25 14:40:13 797 ---ha-w- c:\programdata\kdcagaa.tmp
2012-01-25 14:39:33 819 ---ha-w- c:\programdata\odcagaa.tmp
2012-01-25 14:39:28 826 ---ha-w- c:\programdata\ndcagaa.tmp
2012-01-25 14:39:18 850 ---ha-w- c:\programdata\ldcagaa.tmp
2012-01-25 13:47:27 873 ---ha-w- c:\programdata\yqeliaa.tmp
2012-01-25 13:15:17 807 ---ha-w- c:\programdata\areliaa.tmp
2012-01-25 12:40:33 831 ---ha-w- c:\programdata\kpeikaa.tmp
2012-01-25 12:39:53 849 ---ha-w- c:\programdata\opeikaa.tmp
2012-01-25 12:39:53 831 ---ha-w- c:\programdata\npeikaa.tmp
2012-01-25 12:39:45 849 ---ha-w- c:\programdata\mpeikaa.tmp
2012-01-25 12:39:39 835 ---ha-w- c:\programdata\lpeikaa.tmp
2012-01-25 04:50:52 845 ---ha-w- c:\programdata\creliaa.tmp
2012-01-25 04:05:59 912 ---ha-w- c:\programdata\cvgveaa.tmp
2012-01-25 04:05:54 812 ---ha-w- c:\programdata\bvgveaa.tmp
2012-01-25 04:05:49 824 ---ha-w- c:\programdata\avgveaa.tmp
2012-01-25 04:05:44 848 ---ha-w- c:\programdata\zugveaa.tmp
2012-01-25 03:51:51 802 ---ha-w- c:\programdata\gdcjiaa.tmp
2012-01-25 03:51:46 813 ---ha-w- c:\programdata\fdcjiaa.tmp
2012-01-25 03:51:41 886 ---ha-w- c:\programdata\edcjiaa.tmp
2012-01-25 03:51:36 814 ---ha-w- c:\programdata\ddcjiaa.tmp
2012-01-25 03:26:30 833 ---ha-w- c:\programdata\qobmaaa.tmp
2012-01-25 03:12:16 842 ---ha-w- c:\programdata\tobmaaa.tmp
2012-01-25 02:43:24 865 ---ha-w- c:\programdata\iqgqaaa.tmp
2012-01-25 02:42:44 805 ---ha-w- c:\programdata\mqgqaaa.tmp
2012-01-25 02:42:39 842 ---ha-w- c:\programdata\lqgqaaa.tmp
2012-01-25 02:42:34 843 ---ha-w- c:\programdata\kqgqaaa.tmp
2012-01-25 02:42:31 813 ---ha-w- c:\programdata\uobmaaa.tmp
2012-01-25 02:42:29 852 ---ha-w- c:\programdata\jqgqaaa.tmp
2012-01-25 02:42:21 823 ---ha-w- c:\programdata\sobmaaa.tmp
2012-01-25 02:42:19 865 ---ha-w- c:\programdata\robmaaa.tmp
2012-01-25 02:33:42 817 ---ha-w- c:\programdata\iynlaaa.tmp
2012-01-25 02:33:34 831 ---ha-w- c:\programdata\bwdpaaa.tmp
2012-01-25 02:33:10 831 ---ha-w- c:\programdata\szxzeaa.tmp
2012-01-25 02:32:08 855 ---ha-w- c:\programdata\tzxzeaa.tmp
2012-01-25 02:29:26 829 ---ha-w- c:\programdata\hynlaaa.tmp
2012-01-25 02:22:56 831 ---ha-w- c:\programdata\gynlaaa.tmp
2012-01-25 02:17:25 919 ---ha-w- c:\programdata\dwdpaaa.tmp
2012-01-25 02:10:54 858 ---ha-w- c:\programdata\wzxzeaa.tmp
2012-01-25 01:48:49 831 ---ha-w- c:\programdata\uzxzeaa.tmp
2012-01-25 01:26:10 857 ---ha-w- c:\programdata\eynlaaa.tmp
2012-01-25 00:56:20 837 ---ha-w- c:\programdata\edwbfba.tmp
2012-01-25 00:56:15 850 ---ha-w- c:\programdata\ddwbfba.tmp
2012-01-25 00:52:05 838 ---ha-w- c:\programdata\aopxeba.tmp
2012-01-25 00:51:34 854 ---ha-w- c:\programdata\eopxeba.tmp
2012-01-25 00:51:26 832 ---ha-w- c:\programdata\dopxeba.tmp
2012-01-25 00:51:16 790 ---ha-w- c:\programdata\copxeba.tmp
2012-01-25 00:51:10 835 ---ha-w- c:\programdata\bopxeba.tmp
2012-01-25 00:43:07 830 ---ha-w- c:\programdata\ewdpaaa.tmp
2012-01-24 22:59:23 849 ---ha-w- c:\programdata\qcaozaa.tmp
2012-01-24 22:58:14 829 ---ha-w- c:\programdata\ncaozaa.tmp
2012-01-24 22:51:09 811 ---ha-w- c:\programdata\pcaozaa.tmp
2012-01-24 22:50:54 823 ---ha-w- c:\programdata\mcaozaa.tmp
2012-01-24 22:50:04 833 ---ha-w- c:\programdata\ocaozaa.tmp
2012-01-24 21:23:03 851 ---ha-w- c:\programdata\mwatuaa.tmp
2012-01-24 21:22:23 848 ---ha-w- c:\programdata\qwatuaa.tmp
2012-01-24 21:22:18 839 ---ha-w- c:\programdata\pwatuaa.tmp
2012-01-24 21:22:13 859 ---ha-w- c:\programdata\owatuaa.tmp
2012-01-24 21:22:08 789 ---ha-w- c:\programdata\nwatuaa.tmp
2012-01-24 20:50:28 861 ---ha-w- c:\programdata\snzbpaa.tmp
2012-01-24 20:49:48 876 ---ha-w- c:\programdata\wnzbpaa.tmp
2012-01-24 20:49:43 859 ---ha-w- c:\programdata\vnzbpaa.tmp
2012-01-24 20:49:38 833 ---ha-w- c:\programdata\unzbpaa.tmp
2012-01-24 20:49:33 865 ---ha-w- c:\programdata\tnzbpaa.tmp
2012-01-24 18:49:51 830 ---ha-w- c:\programdata\mwoamaa.tmp
2012-01-24 18:49:15 841 ---ha-w- c:\programdata\qwoamaa.tmp
2012-01-24 18:49:10 830 ---ha-w- c:\programdata\pwoamaa.tmp
2012-01-24 18:49:04 862 ---ha-w- c:\programdata\owoamaa.tmp
2012-01-24 18:48:56 895 ---ha-w- c:\programdata\nwoamaa.tmp
2012-01-24 17:21:39 887 ---ha-w- c:\programdata\fynlaaa.tmp
2012-01-24 16:49:51 804 ---ha-w- c:\programdata\sdywnaa.tmp
2012-01-24 16:49:11 822 ---ha-w- c:\programdata\wdywnaa.tmp
2012-01-24 16:49:06 796 ---ha-w- c:\programdata\vdywnaa.tmp
2012-01-24 16:49:01 841 ---ha-w- c:\programdata\udywnaa.tmp
2012-01-24 16:48:56 849 ---ha-w- c:\programdata\tdywnaa.tmp
2012-01-24 14:50:58 830 ---ha-w- c:\programdata\ecdikaa.tmp
2012-01-24 14:49:37 824 ---ha-w- c:\programdata\acdikaa.tmp
2012-01-24 14:48:52 886 ---ha-w- c:\programdata\dcdikaa.tmp
2012-01-24 14:48:48 894 ---ha-w- c:\programdata\ccdikaa.tmp
2012-01-24 14:48:43 837 ---ha-w- c:\programdata\bcdikaa.tmp
2012-01-24 13:55:46 903 ---ha-w- c:\programdata\awdpaaa.tmp
2012-01-24 13:55:46 842 ---ha-w- c:\programdata\cwdpaaa.tmp
2012-01-24 13:28:56 793 ---ha-w- c:\programdata\fnvlaaa.tmp
2012-01-24 13:28:50 815 ---ha-w- c:\programdata\lqijlba.tmp
2012-01-24 13:28:49 858 ---ha-w- c:\programdata\wzspaaa.tmp
2012-01-24 13:28:46 869 ---ha-w- c:\programdata\kqijlba.tmp
2012-01-24 13:28:40 845 ---ha-w- c:\programdata\jqijlba.tmp
2012-01-24 13:28:17 857 ---ha-w- c:\programdata\dnvlaaa.tmp
2012-01-24 13:28:02 854 ---ha-w- c:\programdata\xzspaaa.tmp
2012-01-24 13:27:57 858 ---ha-w- c:\programdata\zzspaaa.tmp
2012-01-24 13:27:09 811 ---ha-w- c:\programdata\nlizfaa.tmp
2012-01-24 13:23:51 830 ---ha-w- c:\programdata\mqijlba.tmp
2012-01-24 13:22:59 841 ---ha-w- c:\programdata\llizfaa.tmp
2012-01-24 13:22:42 825 ---ha-w- c:\programdata\aatpaaa.tmp
2012-01-24 13:14:27 870 ---ha-w- c:\programdata\iqijlba.tmp
2012-01-24 13:12:26 893 ---ha-w- c:\programdata\gnvlaaa.tmp
2012-01-24 13:10:22 825 ---ha-w- c:\programdata\yzspaaa.tmp
2012-01-24 13:01:56 875 ---ha-w- c:\programdata\klizfaa.tmp
2012-01-24 12:36:15 889 ---ha-w- c:\programdata\envlaaa.tmp
2012-01-24 12:28:36 806 ---ha-w- c:\programdata\obarbba.tmp
2012-01-24 12:28:06 832 ---ha-w- c:\programdata\sbarbba.tmp
2012-01-24 12:28:05 817 ---ha-w- c:\programdata\qbarbba.tmp
2012-01-24 12:28:05 815 ---ha-w- c:\programdata\rbarbba.tmp
2012-01-24 12:27:46 840 ---ha-w- c:\programdata\pbarbba.tmp
2012-01-24 12:22:01 807 ---ha-w- c:\programdata\mlizfaa.tmp
2012-01-24 11:36:59 839 ---ha-w- c:\programdata\ktgepba.tmp
2012-01-24 11:36:09 865 ---ha-w- c:\programdata\mtgepba.tmp
2012-01-24 11:36:05 857 ---ha-w- c:\programdata\ltgepba.tmp
2012-01-24 11:29:29 867 ---ha-w- c:\programdata\wjwnmba.tmp
2012-01-24 11:28:49 836 ---ha-w- c:\programdata\akwnmba.tmp
2012-01-24 11:28:45 858 ---ha-w- c:\programdata\zjwnmba.tmp
2012-01-24 11:28:41 845 ---ha-w- c:\programdata\yjwnmba.tmp
2012-01-24 11:28:34 837 ---ha-w- c:\programdata\xjwnmba.tmp
2012-01-24 11:21:41 806 ---ha-w- c:\programdata\mechrba.tmp
2012-01-24 11:21:35 839 ---ha-w- c:\programdata\lechrba.tmp
2012-01-24 11:21:30 799 ---ha-w- c:\programdata\kechrba.tmp
2012-01-24 11:21:24 827 ---ha-w- c:\programdata\jechrba.tmp
2012-01-24 10:35:37 830 ---ha-w- c:\programdata\itvdqba.tmp
2012-01-24 10:35:32 872 ---ha-w- c:\programdata\htvdqba.tmp
2012-01-24 10:35:28 899 ---ha-w- c:\programdata\gtvdqba.tmp
2012-01-24 10:35:25 847 ---ha-w- c:\programdata\ktvdqba.tmp
2012-01-24 10:34:41 843 ---ha-w- c:\programdata\jtvdqba.tmp
2012-01-24 09:48:54 819 ---ha-w- c:\programdata\excamba.tmp
2012-01-24 09:48:49 842 ---ha-w- c:\programdata\dxcamba.tmp
2012-01-24 09:48:44 875 ---ha-w- c:\programdata\cxcamba.tmp
2012-01-24 09:47:59 863 ---ha-w- c:\programdata\fxcamba.tmp
2012-01-24 09:27:30 834 ---ha-w- c:\programdata\aybydaa.tmp
2012-01-24 09:27:25 876 ---ha-w- c:\programdata\zxbydaa.tmp
2012-01-24 09:27:20 863 ---ha-w- c:\programdata\yxbydaa.tmp
2012-01-24 09:27:15 850 ---ha-w- c:\programdata\xxbydaa.tmp
2012-01-24 07:20:46 887 ---ha-w- c:\programdata\glbdkba.tmp
2012-01-24 07:19:05 848 ---ha-w- c:\programdata\klbdkba.tmp
2012-01-24 07:19:01 819 ---ha-w- c:\programdata\jlbdkba.tmp
2012-01-24 07:18:56 841 ---ha-w- c:\programdata\ilbdkba.tmp
2012-01-24 07:18:50 820 ---ha-w- c:\programdata\hlbdkba.tmp
2012-01-24 05:28:47 802 ---ha-w- c:\programdata\olizfaa.tmp
2012-01-24 04:25:09 815 ---ha-w- c:\programdata\ttkrxaa.tmp
2012-01-24 03:48:56 818 ---ha-w- c:\programdata\igvhlba.tmp
2012-01-24 03:46:15 828 ---ha-w- c:\programdata\mgvhlba.tmp
2012-01-24 03:46:10 820 ---ha-w- c:\programdata\lgvhlba.tmp
2012-01-24 03:46:05 848 ---ha-w- c:\programdata\kgvhlba.tmp
2012-01-24 03:46:00 829 ---ha-w- c:\programdata\jgvhlba.tmp
2012-01-24 01:54:31 825 ---ha-w- c:\programdata\yenajba.tmp
2012-01-24 01:54:20 807 ---ha-w- c:\programdata\wenajba.tmp
2012-01-24 01:47:04 820 ---ha-w- c:\programdata\uenajba.tmp
2012-01-24 01:46:19 863 ---ha-w- c:\programdata\xenajba.tmp
2012-01-23 23:47:53 857 ---ha-w- c:\programdata\whppcba.tmp
2012-01-23 23:47:13 826 ---ha-w- c:\programdata\aippcba.tmp
2012-01-23 23:46:58 845 ---ha-w- c:\programdata\xhppcba.tmp
2012-01-23 23:46:08 854 ---ha-w- c:\programdata\zhppcba.tmp
2012-01-23 23:46:03 832 ---ha-w- c:\programdata\yhppcba.tmp
2012-01-23 21:46:34 844 ---ha-w- c:\programdata\uefavaa.tmp
2012-01-23 21:45:54 838 ---ha-w- c:\programdata\yefavaa.tmp
2012-01-23 21:45:50 844 ---ha-w- c:\programdata\xefavaa.tmp
2012-01-23 21:45:44 847 ---ha-w- c:\programdata\wefavaa.tmp
2012-01-23 21:45:42 815 ---ha-w- c:\programdata\vefavaa.tmp
2012-01-23 20:49:21 851 ---ha-w- c:\programdata\yepnwaa.tmp
2012-01-23 20:49:16 886 ---ha-w- c:\programdata\xepnwaa.tmp
2012-01-23 20:49:11 822 ---ha-w- c:\programdata\wepnwaa.tmp
2012-01-23 20:49:06 837 ---ha-w- c:\programdata\vepnwaa.tmp
2012-01-23 20:48:49 800 ---ha-w- c:\programdata\cnvlaaa.tmp
2012-01-23 19:46:16 840 ---ha-w- c:\programdata\ovgxoaa.tmp
2012-01-23 19:45:36 796 ---ha-w- c:\programdata\svgxoaa.tmp
2012-01-23 19:45:31 834 ---ha-w- c:\programdata\rvgxoaa.tmp
2012-01-23 19:45:26 897 ---ha-w- c:\programdata\qvgxoaa.tmp
2012-01-23 19:45:21 836 ---ha-w- c:\programdata\pvgxoaa.tmp
2012-01-23 17:47:48 821 ---ha-w- c:\programdata\iegjnaa.tmp
2012-01-23 17:45:08 851 ---ha-w- c:\programdata\megjnaa.tmp
2012-01-23 17:45:03 840 ---ha-w- c:\programdata\legjnaa.tmp
2012-01-23 17:44:59 840 ---ha-w- c:\programdata\kegjnaa.tmp
2012-01-23 17:44:54 820 ---ha-w- c:\programdata\jegjnaa.tmp
2012-01-23 15:45:47 837 ---ha-w- c:\programdata\iqqbhaa.tmp
2012-01-23 15:45:07 831 ---ha-w- c:\programdata\mqqbhaa.tmp
2012-01-23 15:45:02 826 ---ha-w- c:\programdata\lqqbhaa.tmp
2012-01-23 15:44:57 838 ---ha-w- c:\programdata\kqqbhaa.tmp
2012-01-23 15:44:52 858 ---ha-w- c:\programdata\jqqbhaa.tmp
2012-01-23 14:10:52 841 ---ha-w- c:\programdata\oxsloaa.tmp
2012-01-23 12:55:47 819 ---ha-w- c:\programdata\jnupaaa.tmp
2012-01-23 12:52:59 892 ---ha-w- c:\programdata\kxsloaa.tmp
2012-01-23 12:52:14 847 ---ha-w- c:\programdata\nxsloaa.tmp
2012-01-23 12:52:09 828 ---ha-w- c:\programdata\mxsloaa.tmp
2012-01-23 12:52:04 858 ---ha-w- c:\programdata\lxsloaa.tmp
2012-01-23 12:45:14 844 ---ha-w- c:\programdata\knupaaa.tmp
2012-01-23 12:38:09 869 ---ha-w- c:\programdata\pepefaa.tmp
2012-01-23 12:35:56 836 ---ha-w- c:\programdata\szrsbba.tmp
2012-01-23 12:35:16 800 ---ha-w- c:\programdata\wzrsbba.tmp
2012-01-23 12:35:11 855 ---ha-w- c:\programdata\vzrsbba.tmp
2012-01-23 12:35:06 817 ---ha-w- c:\programdata\uzrsbba.tmp
2012-01-23 12:35:01 817 ---ha-w- c:\programdata\tzrsbba.tmp
2012-01-23 12:03:14 851 ---ha-w- c:\programdata\gnupaaa.tmp
2012-01-23 11:59:26 839 ---ha-w- c:\programdata\nepefaa.tmp
2012-01-23 10:35:35 824 ---ha-w- c:\programdata\uungaba.tmp
2012-01-23 10:34:55 836 ---ha-w- c:\programdata\yungaba.tmp
2012-01-23 10:34:50 810 ---ha-w- c:\programdata\xungaba.tmp
2012-01-23 10:34:45 838 ---ha-w- c:\programdata\wungaba.tmp
2012-01-23 10:34:40 863 ---ha-w- c:\programdata\vungaba.tmp
2012-01-23 09:51:34 848 ---ha-w- c:\programdata\inupaaa.tmp
2012-01-23 09:49:37 827 ---ha-w- c:\programdata\mepefaa.tmp
2012-01-23 05:10:22 830 ---ha-w- c:\programdata\hnupaaa.tmp
2012-01-23 04:08:59 888 ---ha-w- c:\programdata\onobqaa.tmp
2012-01-23 04:08:19 828 ---ha-w- c:\programdata\snobqaa.tmp
2012-01-23 04:08:14 829 ---ha-w- c:\programdata\rnobqaa.tmp
2012-01-23 04:08:09 790 ---ha-w- c:\programdata\qnobqaa.tmp
2012-01-23 04:08:04 852 ---ha-w- c:\programdata\pnobqaa.tmp
2012-01-23 02:08:22 854 ---ha-w- c:\programdata\medigaa.tmp
2012-01-23 02:07:42 890 ---ha-w- c:\programdata\qedigaa.tmp
2012-01-23 02:07:37 824 ---ha-w- c:\programdata\pedigaa.tmp
2012-01-23 02:07:32 860 ---ha-w- c:\programdata\oedigaa.tmp
2012-01-23 02:07:27 855 ---ha-w- c:\programdata\nedigaa.tmp
2012-01-23 01:09:12 867 ---ha-w- c:\programdata\qepefaa.tmp
2012-01-23 01:09:02 863 ---ha-w- c:\programdata\oepefaa.tmp
2012-01-23 00:55:30 814 ---ha-w- c:\programdata\kdedsaa.tmp
2012-01-23 00:40:59 805 ---ha-w- c:\programdata\jympaaa.tmp
2012-01-23 00:36:12 811 ---ha-w- c:\programdata\iiscvaa.tmp
2012-01-23 00:35:46 858 ---ha-w- c:\programdata\bsjldaa.tmp
2012-01-23 00:35:00 823 ---ha-w- c:\programdata\jmslaaa.tmp
2012-01-23 00:25:41 827 ---ha-w- c:\programdata\asjldaa.tmp
2012-01-23 00:24:54 828 ---ha-w- c:\programdata\mmslaaa.tmp
2012-01-23 00:20:21 866 ---ha-w- c:\programdata\miscvaa.tmp
2012-01-23 00:20:15 875 ---ha-w- c:\programdata\liscvaa.tmp
2012-01-23 00:20:10 846 ---ha-w- c:\programdata\kiscvaa.tmp
2012-01-23 00:20:05 862 ---ha-w- c:\programdata\jiscvaa.tmp
2012-01-23 00:16:54 817 ---ha-w- c:\programdata\iympaaa.tmp
2012-01-23 00:15:30 842 ---ha-w- c:\programdata\imslaaa.tmp
2012-01-22 23:52:48 882 ---ha-w- c:\programdata\esjldaa.tmp
2012-01-22 23:45:00 839 ---ha-w- c:\programdata\csjldaa.tmp
2012-01-22 23:04:10 857 ---ha-w- c:\programdata\mympaaa.tmp
2012-01-22 22:23:10 855 ---ha-w- c:\programdata\eksccaa.tmp
2012-01-22 22:19:30 820 ---ha-w- c:\programdata\iksccaa.tmp
2012-01-22 22:19:25 852 ---ha-w- c:\programdata\hksccaa.tmp
2012-01-22 22:19:20 836 ---ha-w- c:\programdata\gksccaa.tmp
2012-01-22 22:19:15 827 ---ha-w- c:\programdata\fksccaa.tmp
2012-01-22 22:10:50 866 ---ha-w- c:\programdata\lympaaa.tmp
2012-01-22 22:02:21 862 ---ha-w- c:\programdata\kmslaaa.tmp
2012-01-22 20:56:04 831 ---ha-w- c:\programdata\lmslaaa.tmp
2012-01-22 20:30:51 834 ---ha-w- c:\programdata\dsjldaa.tmp
2012-01-22 20:20:51 833 ---ha-w- c:\programdata\opfxcaa.tmp
2012-01-22 20:20:01 851 ---ha-w- c:\programdata\qpfxcaa.tmp
2012-01-22 20:19:56 844 ---ha-w- c:\programdata\ppfxcaa.tmp
2012-01-22 20:19:11 893 ---ha-w- c:\programdata\spfxcaa.tmp
2012-01-22 20:19:06 824 ---ha-w- c:\programdata\rpfxcaa.tmp
2012-01-22 19:14:16 838 ---ha-w- c:\programdata\kympaaa.tmp
2012-01-22 19:08:40 2641408 ---ha-w- c:\windows\winDAFD.tmp
2012-01-22 19:08:35 2641408 ---ha-w- c:\windows\winC75C.tmp
2012-01-22 19:08:30 2641408 ---ha-w- c:\windows\winB16A.tmp
2012-01-22 19:08:24 2641408 ---ha-w- c:\windows\win9DC9.tmp
2012-01-22 19:08:19 2641408 ---ha-w- c:\windows\win85C4.tmp
2012-01-22 19:08:12 2641408 ---ha-w- c:\windows\win6DDF.tmp
2012-01-22 19:08:07 2641408 ---ha-w- c:\windows\win59A2.tmp
2012-01-22 19:07:54 2641408 ---ha-w- c:\windows\win294D.tmp
2012-01-22 19:07:49 2641408 ---ha-w- c:\windows\win15AB.tmp
2012-01-22 19:07:44 2641408 ---ha-w- c:\windows\winFFAA.tmp
2012-01-22 19:07:39 2641408 ---ha-w- c:\windows\winEC09.tmp
2012-01-22 19:07:34 2641408 ---ha-w- c:\windows\winD867.tmp
2012-01-22 19:04:40 2641408 ---ha-w- c:\windows\win30F9.tmp
2012-01-22 19:04:35 2641408 ---ha-w- c:\windows\win1D57.tmp
2012-01-22 19:04:30 2641408 ---ha-w- c:\windows\win997.tmp
2012-01-22 19:04:25 2641408 ---ha-w- c:\windows\winF5A8.tmp
2012-01-22 19:04:20 2641408 ---ha-w- c:\windows\winE1C8.tmp
2012-01-22 19:04:14 2641408 ---ha-w- c:\windows\winCE27.tmp
2012-01-22 19:04:09 2641408 ---ha-w- c:\windows\winB8A2.tmp
2012-01-22 19:04:04 2641408 ---ha-w- c:\windows\winA501.tmp
2012-01-22 19:03:59 2641408 ---ha-w- c:\windows\win9160.tmp
2012-01-22 19:03:54 2641408 ---ha-w- c:\windows\win7DBE.tmp
2012-01-22 19:03:49 2641408 ---ha-w- c:\windows\win6A1D.tmp
2012-01-22 19:03:44 2641408 ---ha-w- c:\windows\win567C.tmp
2012-01-22 19:00:53 2641408 ---ha-w- c:\windows\winBAF1.tmp
2012-01-22 19:00:47 2641408 ---ha-w- c:\windows\winA637.tmp
2012-01-22 19:00:42 2641408 ---ha-w- c:\windows\win8F99.tmp
2012-01-22 19:00:37 2641408 ---ha-w- c:\windows\win7B5C.tmp
2012-01-22 19:00:31 2641408 ---ha-w- c:\windows\win654B.tmp
2012-01-22 19:00:26 2641408 ---ha-w- c:\windows\win50EE.tmp
2012-01-22 19:00:20 2641408 ---ha-w- c:\windows\win3B79.tmp
2012-01-22 19:00:15 2641408 ---ha-w- c:\windows\win2539.tmp
2012-01-22 19:00:09 2641408 ---ha-w- c:\windows\winF66.tmp
2012-01-22 19:00:02 2641408 ---ha-w- c:\windows\winF530.tmp
2012-01-22 18:59:44 2641408 ---ha-w- c:\windows\winAC5C.tmp
2012-01-22 18:59:38 2641408 ---ha-w- c:\windows\win96E7.tmp
2012-01-22 18:59:31 2641408 ---ha-w- c:\windows\win79C4.tmp
2012-01-22 18:59:24 2641408 ---ha-w- c:\windows\win5E94.tmp
2012-01-22 18:59:18 2641408 ---ha-w- c:\windows\win49BB.tmp
2012-01-22 18:59:13 2641408 ---ha-w- c:\windows\win34B3.tmp
2012-01-22 18:58:57 2641408 ---ha-w- c:\windows\winF4B5.tmp
2012-01-22 18:58:51 2641408 ---ha-w- c:\windows\winDDE8.tmp
2012-01-22 18:58:44 2641408 ---ha-w- c:\windows\winC4DB.tmp
2012-01-22 18:58:38 2641408 ---ha-w- c:\windows\winAC1B.tmp
2012-01-22 18:58:29 2641408 ---ha-w- c:\windows\win8799.tmp
2012-01-22 18:58:21 2641408 ---ha-w- c:\windows\win6825.tmp
2012-01-22 18:58:10 2641408 ---ha-w- c:\windows\win3DF8.tmp
2012-01-22 18:57:55 2641408 ---ha-w- c:\windows\win395.tmp
2012-01-22 18:57:38 2641408 ---ha-w- c:\windows\winC01E.tmp
2012-01-22 18:57:24 2641408 ---ha-w- c:\windows\win89DF.tmp
2012-01-22 18:57:14 2641408 ---ha-w- c:\windows\win6415.tmp
2012-01-22 18:57:03 2641408 ---ha-w- c:\windows\win39E8.tmp
2012-01-22 18:55:55 2641408 ---ha-w- c:\windows\win2E5B.tmp
2012-01-22 18:54:54 2641408 ---ha-w- c:\windows\win40DB.tmp
2012-01-22 18:54:49 2641408 ---ha-w- c:\windows\win2D2A.tmp
2012-01-22 18:54:43 2641408 ---ha-w- c:\windows\win17F4.tmp
2012-01-22 18:54:38 2641408 ---ha-w- c:\windows\win3B6.tmp
2012-01-22 18:54:33 2641408 ---ha-w- c:\windows\winEDB5.tmp
2012-01-22 18:54:28 2641408 ---ha-w- c:\windows\winD9A6.tmp
2012-01-22 18:54:22 2641408 ---ha-w- c:\windows\winC338.tmp
2012-01-22 18:54:17 2641408 ---ha-w- c:\windows\winAEBC.tmp
2012-01-22 18:54:11 2641408 ---ha-w- c:\windows\win986C.tmp
2012-01-22 18:54:06 2641408 ---ha-w- c:\windows\win849C.tmp
2012-01-22 18:54:01 2641408 ---ha-w- c:\windows\win709D.tmp
2012-01-22 18:53:55 2641408 ---ha-w- c:\windows\win5A4E.tmp
2012-01-22 18:53:50 2641408 ---ha-w- c:\windows\win4527.tmp
2012-01-22 18:53:44 2641408 ---ha-w- c:\windows\win3108.tmp
2012-01-22 18:53:39 2641408 ---ha-w- c:\windows\win1D29.tmp
2012-01-22 18:53:34 2641408 ---ha-w- c:\windows\win949.tmp
2012-01-22 18:53:29 2641408 ---ha-w- c:\windows\winF52B.tmp
2012-01-22 18:53:24 2641408 ---ha-w- c:\windows\winE12C.tmp
2012-01-22 18:53:19 2641408 ---ha-w- c:\windows\winCD4D.tmp
2012-01-22 18:53:14 2641408 ---ha-w- c:\windows\winB97D.tmp
2012-01-22 18:53:09 2641408 ---ha-w- c:\windows\winA5BC.tmp
2012-01-22 18:53:04 2641408 ---ha-w- c:\windows\win91CD.tmp
2012-01-22 18:52:57 2641408 ---ha-w- c:\windows\win7843.tmp
2012-01-22 18:52:50 2641408 ---ha-w- c:\windows\win5E5B.tmp
2012-01-22 18:52:45 2641408 ---ha-w- c:\windows\win481A.tmp
2012-01-22 18:52:40 2641408 ---ha-w- c:\windows\win340C.tmp
2012-01-22 18:52:34 2641408 ---ha-w- c:\windows\win1DFB.tmp
2012-01-22 18:52:29 2641408 ---ha-w- c:\windows\winA1B.tmp
2012-01-22 18:52:23 2641408 ---ha-w- c:\windows\winF439.tmp
2012-01-22 18:52:18 2641408 ---ha-w- c:\windows\winE059.tmp
2012-01-22 18:52:13 2641408 ---ha-w- c:\windows\winCBBE.tmp
2012-01-22 18:52:08 2641408 ---ha-w- c:\windows\winB7EE.tmp
2012-01-22 18:52:02 2641408 ---ha-w- c:\windows\winA0C4.tmp
2012-01-22 18:51:57 2641408 ---ha-w- c:\windows\win8BC3.tmp
2012-01-22 18:51:51 2641408 ---ha-w- c:\windows\win762E.tmp
2012-01-22 18:51:46 2641408 ---ha-w- c:\windows\win6201.tmp
2012-01-22 18:51:40 2641408 ---ha-w- c:\windows\win49FC.tmp
2012-01-22 18:51:35 2641408 ---ha-w- c:\windows\win363C.tmp
2012-01-22 18:51:30 2641408 ---ha-w- c:\windows\win21EF.tmp
2012-01-22 18:51:24 2641408 ---ha-w- c:\windows\winDF0.tmp
2012-01-22 18:51:19 2641408 ---ha-w- c:\windows\winFA3F.tmp
2012-01-22 18:51:14 2641408 ---ha-w- c:\windows\winE68E.tmp
2012-01-22 18:51:09 2641408 ---ha-w- c:\windows\winD2BE.tmp
2012-01-22 18:50:59 2641408 ---ha-w- c:\windows\winAB3F.tmp
2012-01-22 18:48:51 2641408 ---ha-w- c:\windows\winB5E9.tmp
2012-01-22 18:48:46 2641408 ---ha-w- c:\windows\winA238.tmp
2012-01-22 18:48:36 2641408 ---ha-w- c:\windows\win7B07.tmp
2012-01-22 18:48:31 2641408 ---ha-w- c:\windows\win6766.tmp
2012-01-22 18:48:26 2641408 ---ha-w- c:\windows\win53C4.tmp
2012-01-22 18:48:21 2641408 ---ha-w- c:\windows\win4014.tmp
2012-01-22 18:48:16 2641408 ---ha-w- c:\windows\win2C34.tmp
2012-01-22 18:48:10 2641408 ---ha-w- c:\windows\win1883.tmp
2012-01-22 18:48:05 2641408 ---ha-w- c:\windows\win494.tmp
2012-01-22 18:48:00 2641408 ---ha-w- c:\windows\winEEC1.tmp
2012-01-22 18:47:55 2641408 ---ha-w- c:\windows\winDB20.tmp
2012-01-22 18:47:50 2641408 ---ha-w- c:\windows\winC76F.tmp
2012-01-22 18:47:45 2641408 ---ha-w- c:\windows\winB370.tmp
2012-01-22 18:47:40 2641408 ---ha-w- c:\windows\win9FCF.tmp
2012-01-22 18:47:34 2641408 ---ha-w- c:\windows\win8C0F.tmp
2012-01-22 18:47:29 2641408 ---ha-w- c:\windows\win782F.tmp
2012-01-22 18:47:24 2641408 ---ha-w- c:\windows\win645F.tmp
2012-01-22 18:47:19 2641408 ---ha-w- c:\windows\win509E.tmp
2012-01-22 18:47:14 2641408 ---ha-w- c:\windows\win3CDE.tmp
2012-01-22 18:47:09 2641408 ---ha-w- c:\windows\win291E.tmp
2012-01-22 18:47:04 2641408 ---ha-w- c:\windows\win156D.tmp
2012-01-22 18:46:59 2641408 ---ha-w- c:\windows\win19D.tmp
2012-01-22 18:46:54 2641408 ---ha-w- c:\windows\winED9E.tmp
2012-01-22 18:46:49 2641408 ---ha-w- c:\windows\winD9ED.tmp
2012-01-22 18:46:47 -------- d--h--w- c:\program files\C4528
2012-01-22 18:46:14 -------- d--h--w- c:\users\brent\appdata\roaming\AC6C4
2012-01-22 18:46:03 -------- d--h--w- c:\program files\LP
2012-01-16 15:01:39 103864 ---ha-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

==================== Find3M ====================

2012-01-25 19:50:09 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
2012-01-25 19:50:09 135781 ---ha-w- \mbam-setup-1.60.0.1800.exe
2012-01-24 23:48:58 60304 ---ha-w- c:\users\brent\g2mdlhlpx.exe
2012-01-22 18:55:50 2641408 ---ha-w- c:\windows\win14E0.tmp
2012-01-22 18:55:43 2641408 ---ha-w- c:\windows\winF1.tmp
2012-01-22 18:55:38 2641408 ---ha-w- c:\windows\winEC37.tmp
2012-01-22 18:55:36 831 ---ha-w- c:\programdata\btbswka.tmp
2012-01-22 18:55:33 2641408 ---ha-w- c:\windows\winD72F.tmp
2012-01-22 18:55:30 814 ---ha-w- c:\programdata\atbswka.tmp
2012-01-22 18:55:27 2641408 ---ha-w- c:\windows\winC2C3.tmp
2012-01-22 18:55:25 836 ---ha-w- c:\programdata\zsbswka.tmp
2012-01-22 18:55:22 2641408 ---ha-w- c:\windows\winAEF3.tmp
2012-01-22 18:55:17 2641408 ---ha-w- c:\windows\win9AE5.tmp
2012-01-22 18:55:12 2641408 ---ha-w- c:\windows\win813B.tmp
2012-01-22 18:55:05 2641408 ---ha-w- c:\windows\win6C04.tmp
2012-01-22 18:55:00 2641408 ---ha-w- c:\windows\win57B7.tmp
2011-09-25 02:31:52 44 ---h--w- c:\program files\d345a5c1.tmp

============= FINISH: 17:18:37.78 ===============
 
More logs

Attach.txt


==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 4.65
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
AI RoboForm (All Users)
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
All Day Battery Life Configuration
Any Video Converter 3.1.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
AuthenTec Fingerprint Software
Auto Click Profits 1.0.0
Belarc Advisor 8.1
BioAPI Framework
BlackBerry Desktop Software 6.0
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
CameraHelperMsi
CherryPicker
Cisco AnyConnect VPN Client
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Core FTP LE 2.1
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Driver Download Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Document Manager Lite
Domain Samurai
Download Updater (AOL LLC)
Dropbox
EMBASSY Security Center
EMBASSY Security Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
erLT
ESC Home Page Plugin
Facebook FriendAdder
FB Leads Maker version 1.1
FreeMind
Gemalto
GIMP 2.6.11
Golf Solitaire 1.1.0
Google Chrome
Google Desktop
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
GPScraper 2011
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Jing
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Help_main
LWS VideoEffects
LWS Webcam Software
Malwarebytes Anti-Malware version 1.60.0.1800
MapPI v4.4 version 4.4
Market Samurai
Maxtor Manager
McAfee Browser Protection Service
McAfee Firewall Protection Service
McAfee Security Scan Plus
McAfee SiteAdvisor Enterprise Plus
McAfee Virus and Spyware Protection Service
MFCLOC
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NicheSensei
Notepad++
NTRU TCG Software Stack
Nvu 1.0PR
OGA Notifier 2.0.0048.0
PayPal Plug-In
Picasa 3
PingPlotter Standard 3.30.4s
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Wizards
Sierra Utilities
Skype™ 5.5
SO32MMWrapper
Trillian
TrueKat Show
Trusted Drive Manager
Tube Toolbox
Tweet Siphon 1.0
Underachiever Secrets
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
UPEK TouchChip Fingerprint Reader
Verizon Wireless MiFi-2200 Firmware Updates
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual C++ 8.0 x86 Runtime Setup Package
VZAccess Manager
Wave Infrastructure Installer
Wave Support Software
WebEx
WIDCOMM Bluetooth Software
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Xtreme Traffic Arbitrage
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yammer
YPScraper

==== End Of File =========================
 
GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-26 17:16:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: gmer.exe; Driver: C:\Users\Brent\AppData\Local\Temp\fxliqfow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a041e8bee
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a041e8bee (not active ControlSet)

---- Files - GMER 1.0.15 ----

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[596] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00070FEF
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00090000
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_open 762B7E48 5 Bytes JMP 001E0FE3
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_open 762B7E48 5 Bytes JMP 002E0FEF
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00330000
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_open 762B7E48 5 Bytes JMP 003B0000
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_open 762B7E48 5 Bytes JMP 003C0FEF
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00580FEF
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 762B7E48 5 Bytes JMP 008C0FE3
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00900FEF
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_open 762B7E48 5 Bytes JMP 00BC0FEF
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_open 762B7E48 5 Bytes JMP 02F30000
.text C:\Windows\system32\services.exe[596] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070031
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070FA3
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00070FD4
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 0009005A
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 001E0042
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 002E0FC3
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00310F7A
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 0033004E
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 003B006E
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 003C0044
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 0058005D
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00860FB4
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 008C0038
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00900F97
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 00BC0FCD
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_wsystem 762EB04F 5 Bytes JMP 02F30042
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!system 762EB16F 5 Bytes JMP 00070038
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!system 762EB16F 5 Bytes JMP 0007005F
.text C:\Windows\system32\services.exe[596] msvcrt.dll!system 762EB16F 5 Bytes JMP 00070FA6
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!system 762EB16F 5 Bytes JMP 0009003F
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!system 762EB16F 5 Bytes JMP 001E0027
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!system 762EB16F 5 Bytes JMP 002E0044
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!system 762EB16F 5 Bytes JMP 00310F95
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!system 762EB16F 5 Bytes JMP 00330FCD
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!system 762EB16F 5 Bytes JMP 003B005D
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!system 762EB16F 5 Bytes JMP 003C0033
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!system 762EB16F 5 Bytes JMP 00580042
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!system 762EB16F 5 Bytes JMP 00860049
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!system 762EB16F 5 Bytes JMP 008C0027
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!system 762EB16F 5 Bytes JMP 00900FB2
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!system 762EB16F 5 Bytes JMP 00BC0FDE
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!system 762EB16F 5 Bytes JMP 02F30027
.text C:\Windows\system32\services.exe[596] msvcrt.dll!_creat 762EED29 5 Bytes JMP 0007000C
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_creat 762EED29 5 Bytes JMP 0007000C
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00070033
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_creat 762EED29 5 Bytes JMP 0009002E
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_creat 762EED29 5 Bytes JMP 001E0FC1
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_creat 762EED29 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00310FC1
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00330022
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_creat 762EED29 5 Bytes JMP 003B001D
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_creat 762EED29 5 Bytes JMP 003C0FCD
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00580FD2
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_creat 762EED29 5 Bytes JMP 0086002E
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_creat 762EED29 5 Bytes JMP 008C0FB7
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00900018
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_creat 762EED29 5 Bytes JMP 00BC0029
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_creat 762EED29 5 Bytes JMP 02F30FD2
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 0007001D
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 0007004E
.text C:\Windows\system32\services.exe[596] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00070FB7
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00090FCF
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 001E0016
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 002E0029
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00310FA6
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 0033003D
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 003B0042
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 003C0022
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00580027
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00860FD9
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 008C000C
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00900FC3
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 00BC004E
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_wcreat 762F038E 5 Bytes JMP 02F30FB7
.text C:\Windows\system32\svchost.exe[1540] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00070018
.text C:\Windows\system32\svchost.exe[4124] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00070FD2
.text C:\Windows\system32\services.exe[596] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00070FDE
.text C:\Windows\system32\lsass.exe[612] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 0009001D
.text C:\Windows\System32\svchost.exe[2008] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 001E0FD2
.text C:\Windows\system32\svchost.exe[848] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 002E000C
.text C:\Windows\system32\svchost.exe[632] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00310FDE
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00330011
.text C:\Windows\System32\svchost.exe[1068] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 003B0FE3
.text C:\Windows\system32\svchost.exe[748] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 003C0FDE
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 0058000C
.text C:\Windows\System32\svchost.exe[556] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 0086001D
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 008C0FD2
.text C:\Windows\system32\svchost.exe[2328] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00900FDE
.text C:\Windows\System32\svchost.exe[964] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 00BC0018
.text C:\Windows\Explorer.EXE[3644] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 02F30FEF

---- Files - GMER 1.0.15 ----
 
More GMER.log

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\lsass.exe[612] WININET.dll!InternetOpenW 76719197 5 Bytes JMP 000A0025
.text C:\Windows\System32\svchost.exe[2008] WININET.dll!InternetOpenW 76719197 5 Bytes JMP 001F0FD4
.text C:\Windows\Explorer.EXE[3644] WININET.dll!InternetOpenW 76719197 5 Bytes JMP 02F4001B
.text C:\Windows\system32\lsass.exe[612] WININET.dll!InternetOpenA 7671F18E 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2008] WININET.dll!InternetOpenA 7671F18E 5 Bytes JMP 001F0FE5
.text C:\Windows\Explorer.EXE[3644] WININET.dll!InternetOpenA 7671F18E 5 Bytes JMP 02F40000
.text C:\Windows\system32\lsass.exe[612] WININET.dll!InternetOpenUrlA 767330E9 5 Bytes JMP 000A0040
.text C:\Windows\System32\svchost.exe[2008] WININET.dll!InternetOpenUrlA 767330E9 5 Bytes JMP 001F000A
.text C:\Windows\Explorer.EXE[3644] WININET.dll!InternetOpenUrlA 767330E9 5 Bytes JMP 02F4002C
.text C:\Windows\system32\lsass.exe[612] WININET.dll!InternetOpenUrlW 7676BF94 5 Bytes JMP 000A005B
.text C:\Windows\System32\svchost.exe[2008] WININET.dll!InternetOpenUrlW 7676BF94 5 Bytes JMP 001F0FB9
.text C:\Windows\Explorer.EXE[3644] WININET.dll!InternetOpenUrlW 7676BF94 5 Bytes JMP 02F40FDB
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 0009000A
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 0034000A
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 003F0FE5
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00400FEF
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00460000
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00590000
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00690000
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00870000
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 008D0000
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00BD000A
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 00BD0FEF
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegOpenKeyA 769FCC15 5 Bytes JMP 02F5000A
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00080FC3
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00090058
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00190040
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00190FC0
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 0034001E
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 0034002F
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 003F0025
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00400FB2
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00460FC0
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00590FC3
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00690036
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00870047
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 008D0FD1
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00BD005B
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 00BD0F9E
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegCreateKeyA 769FCD01 5 Bytes JMP 02F50051
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00080F94
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00090073
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00190F94
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00340F7C
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00340F8D
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 003F0036
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00400043
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00460F94
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00590FB2
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00690065
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00870FA5
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 008D0FAF
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00BD0076
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 00BD0F72
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegCreateKeyExA 76A01469 5 Bytes JMP 02F50FC3
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00080040
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00090FC7
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00190051
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00190FA5
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00340F97
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00340FA8
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 003F0F94
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00400FA1
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00460FAF
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 0059004A
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00690FB9
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00870FB6
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 008D0FC0
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00BD0F8D
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 00BD0FD4
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegCreateKeyW 76A01514 5 Bytes JMP 02F50FD4
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 0009001B
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00190011
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00190FDE
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00340FD4
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 003F0FD4
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 0040000A
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00460FEF
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00590FE5
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00690011
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00870011
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 008D0011
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00BD001B
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 00BD0FD4
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegOpenKeyW 76A02459 5 Bytes JMP 02F50FEF
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00080F83
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00090084
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00190F83
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00190FB9
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00340039
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 0034004A
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 003F0047
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 0040005E
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00460F83
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 0059006F
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00690076
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00870062
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 008D0F9E
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00BD002F
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 00BD009B
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 02F50FA8
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00080025
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 0009003D
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00190022
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 0019002F
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00340FA8
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00340FC3
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 003F0FB9
.text C:\Windows\system32\svchost.exe[632] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00400FC3
.text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 0046002C
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00590FD4
.text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00690FCA
.text C:\Windows\System32\svchost.exe[556] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 0087002C
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 008D003D
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00BD004A
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 00BD0FC3
.text C:\Windows\Explorer.EXE[3644] ADVAPI32.dll!RegOpenKeyExW 76A0468D 5 Bytes JMP 02F50040
.text C:\Windows\system32\services.exe[596] ADVAPI32.dll!RegOpenKeyExA 76A04907 5 Bytes JMP 00080FD4
.text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 76A04907 5 Bytes JMP 0009002C
.text C:\Windows\system32\svchost.exe[2328] ADVAPI32.dll!RegOpenKeyExA 76A04907 5 Bytes JMP 0019001E
.text C:\Windows\system32\svchost.exe[4124] ADVAPI32.dll!RegOpenKeyExA 76A04907 5 Bytes JMP 00190FDB
.text C:\Windows\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExA
 
More GMER.log

---- Files - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8323C5C5 5 Bytes JMP 8CBA1258 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 8324E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83287D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Files - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtMapViewOfSection 83457452 7 Bytes JMP 8CBA126C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8346BA7D 5 Bytes JMP 8CBA1296 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 834756FA 5 Bytes JMP 8CBA1282 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

PAGE peauth.sys 92F07BEC 111 Bytes [AE, EA, A7, BE, 8A, 33, 63, ...]

---- Files - GMER 1.0.15 ----


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[2140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0013A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74995600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2512] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:720] C5B2EBD0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CBA1268]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CBA1292]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CBA127E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CBA1254]

---- Files - GMER 1.0.15 ----


File C:\Windows\$NtUninstallKB46542$\3480255166 0 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\@ 2048 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\bckfg.tmp 845 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\cfg.ini 200 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\keywords 722 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\L 0 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\L\xadqgnnk 338944 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U 0 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB46542$\3480255166\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB46542$\483184839
 
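A small triage script for GMER "User code sections" output of the kind posted above, added here as an example; it is not part of the thread and not a GMER tool. It parses the inline-hook lines (".text <image>[pid] module!export addr N Bytes JMP target [attribution]"), groups them by hooked export, records which processes carry each hook, and flags hooks whose JMP target GMER could not attribute to a loaded module. The sample lines inside the block are constructed to match the log format; the "hook.dll (Example Corp.)" entry is a hypothetical attributed hook included for contrast. An unattributed hook applied uniformly to lsass, services and every svchost is often a security product's injected code, so the output is a shortlist to compare against the installed AV, not a verdict.

```python
"""Triage GMER inline-hook lines: group by hooked export, count processes,
flag unattributed JMP targets. Added example; not code from the thread or GMER."""
import re
from collections import defaultdict

# .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<attribution>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<attrib>.*))?$"
)

# Constructed sample in the GMER log format; the last hook line is a
# hypothetical attributed hook (vendor name and path are made up).
SAMPLE_LOG = """\
.text C:\\Windows\\system32\\lsass.exe[612] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 0009001D
.text C:\\Windows\\system32\\svchost.exe[848] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 002E000C
.text C:\\Windows\\Explorer.EXE[3644] msvcrt.dll!_wopen 762F0570 5 Bytes JMP 02F30FEF
.text C:\\Windows\\system32\\lsass.exe[612] WININET.dll!InternetOpenW 76719197 5 Bytes JMP 000A0025
.text C:\\Windows\\Explorer.EXE[3644] ADVAPI32.dll!RegCreateKeyExW 76A040FE 5 Bytes JMP 02F50FA8
.text C:\\Windows\\system32\\svchost.exe[2008] kernel32.dll!CreateFileW 76B0C1E3 5 Bytes JMP 6F0B1A20 C:\\Program Files\\Vendor\\hook.dll (Hypothetical hook/Example Corp.)
---- Files - GMER 1.0.15 ----
"""


def parse_hooks(log_text):
    """Return one dict per inline-hook line; lines that do not match are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["addr"] = int(d["addr"], 16)
        d["target"] = int(d["target"], 16)
        d["nbytes"] = int(d["nbytes"])
        d["attrib"] = d["attrib"].strip() if d["attrib"] else None
        hooks.append(d)
    return hooks


def triage(hooks):
    """Group hooks by module!export. Each entry records the PIDs carrying the
    hook, the distinct JMP targets, and whether any instance lacked a module
    attribution (GMER prints none when the target is not inside a known image)."""
    by_export = defaultdict(
        lambda: {"pids": set(), "targets": set(), "unattributed": False}
    )
    for h in hooks:
        entry = by_export[f'{h["module"]}!{h["export"]}']
        entry["pids"].add(h["pid"])
        entry["targets"].add(h["target"])
        if h["attrib"] is None:
            entry["unattributed"] = True
    return dict(by_export)


def suspicious(by_export):
    """Sorted list of hooked exports whose trampoline GMER could not attribute.
    Compare these against the installed security products before acting."""
    return sorted(k for k, v in by_export.items() if v["unattributed"])


if __name__ == "__main__":
    summary = triage(parse_hooks(SAMPLE_LOG))
    for export, info in sorted(summary.items()):
        flag = "UNATTRIBUTED" if info["unattributed"] else "attributed"
        print(f"{export:32} {len(info['pids']):2} process(es)  {flag}")
    print("review:", suspicious(summary))
```

Run it against a saved GMER.log by replacing SAMPLE_LOG with the file contents; the count of processes per export is the quick way to tell a system-wide injection (every service hooked identically) from a hook present in a single process.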
I've deleted your duplicate thread. Sometimes it takes a few minutes for a post to show. Please keep all logs and comments for this problem on this thread.

There are headers missing from the top of the DDS.txt log and the Attach.txt log. They give me information about your system. Please find them on your system and post only the top header for each log. Please paste them in your next reply first, then go on with the scans.

Please read scan instructions carefully. You missed the Warning in GMER saying don't click show all.

I have no system information due to the headers missing. I see McAfee in GMER- is that your AV?
--------------------------------------------
You have diagnosed System Check malware, but you have not given me any information about the problems you're having: for instance:
If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
  • System Check is a fake (Rogue) computer analysis and optimization program.
  • The 'alerts' tell you the problems have led to corrupt and missing data
  • It will display false error messages and security warnings.
  • It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run
  • This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages
  • The malware is configured to automatically start when you logon to Windows.
  • It can also be started if you click on any of these alerts.
=====================================
Do you have internet access?
Can you get into Normal Mode?? Safe Mode with Networking?
=====================================
I'd like you to go ahead and run Combofix. It should find and remove the malware entries for 1/24-1/25. If you have AVG, you will need to uninstall it temporarily to run Combofix, Use the AppRemover first if it applies:
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (you will need an internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save it to the desktop
  • Double click combofix.exe
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
A Question

I ran GMER and it never warned me or asked me to click anything, it just ran so I never saw that message - should I run it again? It took 7 hours to run today (obviously I did something wrong).

I went back and checked and there were no headers in the DDS or Attach logs - should I rerun those to get the header information?

"I have no system information due to the headers missing. I see a McAfee in GMER- is that you AV?
--------------------------------------------
You have diagnosed System Check malware, but you have not given me any information about the problems you're having: for instance:"

My symptoms are:

I got the System Check icon in the system tray and a popup claiming I had bad RAM, disk, virus, etc. but I knew it was fake since the alerts were in the system tray and I had never seen that program before. It made my icons disappear, made the background turn black, launched about 20 bogus error "alerts" that kept coming back if I tried to close them and hid all of my files on the hard drive. I used cmd.exe to check whether it had really deleted them and saw that everything was still there. I had internet access until I rebooted and then it started blocking me from getting an IP address from my wireless router. So I am using a second clean computer to copy all of the files in the 5 steps over using a thumb drive.

I have been afraid to cleanup anything until I get some advice from you since you have seen this thing before.

I now have control back, I ran all 5 steps plus unhide.exe but nothing else.

I have not rebooted since running the 5 steps and have re-activated McAfee S-a-a-S which is my only AV. I do not have internet access.

=====================================
Do you have internet access? No
Can you get into Normal Mode?? Yes
Safe Mode with Networking? Have not tried
=====================================
 
Current Progress

Just wanted to say thanks again for your help with this! It is very much appreciated.

I see what you mean with GMER, sorry about that, I completely missed the checkbox on "Show All". I must have clicked it and did not realize.

And the DDS had to be re-downloaded and run again to get the headers to get into the log file. Not sure why.

I ran Combofix 4 times before it actually worked and completed. But it did and here are the logs. I currently have most everything restored back to normal so I am cautiously optimistic but not feeling 100% yet.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-27 11:09:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: tycu4fyo.exe; Driver: C:\Users\Brent\AppData\Local\Temp\fxliqfow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
 
More log info

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Brent at 11:12:35 on 2012-01-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1763 [GMT -5:00]
.
FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\LTSVC\LTSVC.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\SAgent4.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\LTSVC\LTTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\conhost.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Yammer\Yammer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [{E8951905-B0E2-46E3-8881-5C20EAE8B00B}] c:\windows\system32\msiexec.exe /cmdloc "hkcu\software\gpscraper.com aitemp\{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Akamai NetSession Interface] "c:\users\brent\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EasyMessage] c:\program files\easy message\em2.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\brent\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\yammer.lnk - c:\program files\yammer\Yammer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: apptix.net\mail
Trusted Zone: collaborationhost.com\vynamic
Trusted Zone: localima.org\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: tgelite.com\labtech
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T26L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED} : DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\249627B64616C65602055726C69636 : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}\D697071627B6 : DhcpNameServer = 192.168.16.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\brent\appdata\roaming\Move Networks
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-11-11 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LTService;TechGuides Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2011-11-15 8713032]
R2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-11-15 98120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-11-25 260648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-25 122368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-25 29472]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-12-13 34248]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-11-25 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-11-25 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-11-25 38400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
.
=============== Created Last 30 ================
.
2012-01-27 15:50:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-27 15:48:02 -------- d-----w- c:\users\brent\appdata\local\temp
2012-01-27 15:47:52 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-27 13:53:03 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-27 13:51:36 -------- d-----w- C:\ComboFix
2012-01-27 02:00:29 98816 ----a-w- c:\windows\sed.exe
2012-01-27 02:00:29 518144 ----a-w- c:\windows\SWREG.exe
2012-01-27 02:00:29 256000 ----a-w- c:\windows\PEV.exe
2012-01-27 02:00:29 208896 ----a-w- c:\windows\MBR.exe
2012-01-27 01:50:55 306 ----a-w- c:\windows\myClean.bat
2012-01-26 13:54:15 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-25 19:53:32 -------- d-----w- c:\users\brent\appdata\roaming\Malwarebytes
2012-01-25 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 19:52:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50:08 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-22 18:46:47 -------- d-----w- c:\program files\C4528
2012-01-22 18:46:14 -------- d-----w- c:\users\brent\appdata\roaming\AC6C4
2012-01-18 20:27:45 -------- d-----w- c:\windows\system32\appmgmt
2012-01-17 15:23:58 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 15:23:55 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 15:23:52 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 15:23:51 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 15:23:49 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 15:23:48 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-17 15:23:47 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-17 15:23:45 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-17 15:23:44 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 15:23:43 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-16 15:07:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-16 15:01:39 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-11 19:59:25 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:59:18 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:58:37 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:58:36 514560 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2011-12-19 18:46:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 16:53:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-25 02:31:52 44 ------w- c:\program files\d345a5c1.tmp
.
============= FINISH: 11:13:06.99 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2009 12:15:36 PM
System Uptime: 1/27/2012 10:48:44 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0D693C
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 72.229 GiB free.
D: is CDROM ()
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP202: 1/5/2012 6:05:39 PM - Windows Update
RP203: 1/11/2012 2:30:21 PM - Windows Update
RP204: 1/12/2012 1:20:53 PM - Windows Update
RP205: 1/17/2012 1:23:47 PM - Windows Update
RP206: 1/18/2012 3:21:11 PM - Removed Skype Click to Call
RP208: 1/18/2012 3:28:13 PM - Removed PayPal Plug-In
RP209: 1/26/2012 9:00:45 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 4.65
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
AI RoboForm (All Users)
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
All Day Battery Life Configuration
Any Video Converter 3.1.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
AuthenTec Fingerprint Software
Auto Click Profits 1.0.0
Belarc Advisor 8.1
BioAPI Framework
BlackBerry Desktop Software 6.0
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
CameraHelperMsi
CherryPicker
Cisco AnyConnect VPN Client
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Core FTP LE 2.1
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Driver Download Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Document Manager Lite
Domain Samurai
Download Updater (AOL LLC)
Dropbox
EMBASSY Security Center
EMBASSY Security Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
erLT
ESC Home Page Plugin
Facebook FriendAdder
FB Leads Maker version 1.1
FreeMind
Gemalto
GIMP 2.6.11
Golf Solitaire 1.1.0
Google Chrome
Google Desktop
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
GPScraper 2011
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Jing
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Help_main
LWS VideoEffects
LWS Webcam Software
Malwarebytes Anti-Malware version 1.60.0.1800
MapPI v4.4 version 4.4
Market Samurai
Maxtor Manager
McAfee Security Scan Plus
MFCLOC
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NicheSensei
Notepad++
NTRU TCG Software Stack
Nvu 1.0PR
OGA Notifier 2.0.0048.0
PayPal Plug-In
Picasa 3
PingPlotter Standard 3.30.4s
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Wizards
Sierra Utilities
Skype™ 5.5
SO32MMWrapper
Trillian
TrueKat Show
Trusted Drive Manager
Tube Toolbox
Tweet Siphon 1.0
Underachiever Secrets
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
UPEK TouchChip Fingerprint Reader
Verizon Wireless MiFi-2200 Firmware Updates
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual C++ 8.0 x86 Runtime Setup Package
VZAccess Manager
Wave Infrastructure Installer
Wave Support Software
WebEx
WIDCOMM Bluetooth Software
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Xtreme Traffic Arbitrage
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yammer
YPScraper
.
==== Event Viewer Messages From Past Week ========
.
1/27/2012 10:55:40 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================
 
ComboFix successful

ComboFix 12-01-26.01 - Brent 01/27/2012 10:03:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2753 [GMT -5:00]
Running from: c:\users\Brent\Desktop\ComboFix.exe
FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\EE5A\1312.tmp
c:\program files\LP\EE5A\20ED.tmp
c:\program files\LP\EE5A\4B0D.exe
c:\program files\LP\EE5A\4B0D.tmp
c:\program files\LP\EE5A\5247.tmp
c:\program files\LP\EE5A\554A.exe
c:\program files\LP\EE5A\554A.tmp
c:\program files\LP\EE5A\A7A9.tmp
c:\program files\LP\EE5A\B4F2.exe
c:\program files\LP\EE5A\B4F2.tmp
c:\program files\LP\EE5A\B679.tmp
c:\program files\LP\EE5A\bl82412052_64.bat
c:\program files\LP\EE5A\bl82449242_64.bat
c:\program files\LP\EE5A\bl82469288_64.bat
c:\program files\LP\EE5A\C200.tmp
c:\program files\LP\EE5A\CAA6.exe
c:\program files\LP\EE5A\CAA6.tmp
c:\program files\LP\EE5A\DD34.tmp
c:\program files\LP\EE5A\DEC2.exe
c:\program files\LP\EE5A\DEC2.tmp
c:\program files\LP\EE5A\E105.exe
c:\program files\LP\EE5A\E105.tmp
c:\program files\LP\EE5A\E2D8.tmp
c:\programdata\aatpaaa.tmp
c:\programdata\acdikaa.tmp
c:\programdata\adfqaaa.tmp
c:\programdata\aippcba.tmp
c:\programdata\akjlaaa.tmp
c:\programdata\akwnmba.tmp
c:\programdata\aopxeba.tmp
c:\programdata\areliaa.tmp
c:\programdata\asjldaa.tmp
c:\programdata\atbswka.tmp
c:\programdata\avgveaa.tmp
c:\programdata\awdpaaa.tmp
c:\programdata\aybydaa.tmp
c:\programdata\bcdikaa.tmp
c:\programdata\bdfqaaa.tmp
c:\programdata\bkjlaaa.tmp
c:\programdata\bopxeba.tmp
c:\programdata\breliaa.tmp
c:\programdata\bsjldaa.tmp
c:\programdata\btbswka.tmp
c:\programdata\bvgveaa.tmp
c:\programdata\bwdpaaa.tmp
c:\programdata\ccdikaa.tmp
c:\programdata\cdfqaaa.tmp
c:\programdata\ckjlaaa.tmp
c:\programdata\cnvlaaa.tmp
c:\programdata\copxeba.tmp
c:\programdata\creliaa.tmp
c:\programdata\csjldaa.tmp
c:\programdata\ctbswka.tmp
c:\programdata\cvgveaa.tmp
c:\programdata\cwdpaaa.tmp
c:\programdata\cxcamba.tmp
c:\programdata\dcdikaa.tmp
c:\programdata\ddcjiaa.tmp
c:\programdata\ddwbfba.tmp
c:\programdata\dkjlaaa.tmp
c:\programdata\dnvlaaa.tmp
c:\programdata\dopxeba.tmp
c:\programdata\dsjldaa.tmp
c:\programdata\dwdpaaa.tmp
c:\programdata\dxcamba.tmp
c:\programdata\ecdikaa.tmp
c:\programdata\edcjiaa.tmp
c:\programdata\edwbfba.tmp
c:\programdata\ekjlaaa.tmp
c:\programdata\eksccaa.tmp
c:\programdata\envlaaa.tmp
c:\programdata\eopxeba.tmp
c:\programdata\esjldaa.tmp
c:\programdata\ewdpaaa.tmp
c:\programdata\excamba.tmp
c:\programdata\eynlaaa.tmp
c:\programdata\fdcjiaa.tmp
c:\programdata\fksccaa.tmp
c:\programdata\fnvlaaa.tmp
c:\programdata\fxcamba.tmp
c:\programdata\fynlaaa.tmp
c:\programdata\gdcjiaa.tmp
c:\programdata\gksccaa.tmp
c:\programdata\glbdkba.tmp
c:\programdata\gnupaaa.tmp
c:\programdata\gnvlaaa.tmp
c:\programdata\gtvdqba.tmp
c:\programdata\gynlaaa.tmp
c:\programdata\hksccaa.tmp
c:\programdata\hlbdkba.tmp
c:\programdata\hnupaaa.tmp
c:\programdata\htvdqba.tmp
c:\programdata\hynlaaa.tmp
c:\programdata\iegjnaa.tmp
c:\programdata\igvhlba.tmp
c:\programdata\iiscvaa.tmp
c:\programdata\iksccaa.tmp
c:\programdata\ilbdkba.tmp
c:\programdata\imslaaa.tmp
c:\programdata\inupaaa.tmp
c:\programdata\iqgqaaa.tmp
c:\programdata\iqijlba.tmp
c:\programdata\iqqbhaa.tmp
c:\programdata\itvdqba.tmp
c:\programdata\iympaaa.tmp
c:\programdata\iynlaaa.tmp
c:\programdata\jechrba.tmp
c:\programdata\jegjnaa.tmp
c:\programdata\jgvhlba.tmp
c:\programdata\jiscvaa.tmp
c:\programdata\jlbdkba.tmp
c:\programdata\jmslaaa.tmp
c:\programdata\jnupaaa.tmp
c:\programdata\jqgqaaa.tmp
c:\programdata\jqijlba.tmp
c:\programdata\jqqbhaa.tmp
c:\programdata\jtvdqba.tmp
c:\programdata\jympaaa.tmp
c:\programdata\kdcagaa.tmp
c:\programdata\kdedsaa.tmp
c:\programdata\kechrba.tmp
c:\programdata\kegjnaa.tmp
c:\programdata\kgvhlba.tmp
c:\programdata\kiscvaa.tmp
c:\programdata\klbdkba.tmp
c:\programdata\klizfaa.tmp
c:\programdata\kmslaaa.tmp
c:\programdata\knupaaa.tmp
c:\programdata\kpeikaa.tmp
c:\programdata\kqgqaaa.tmp
c:\programdata\kqijlba.tmp
c:\programdata\kqqbhaa.tmp
c:\programdata\ktgepba.tmp
c:\programdata\ktvdqba.tmp
c:\programdata\kxsloaa.tmp
c:\programdata\kympaaa.tmp
c:\programdata\ldcagaa.tmp
c:\programdata\lechrba.tmp
c:\programdata\legjnaa.tmp
c:\programdata\lgvhlba.tmp
c:\programdata\liscvaa.tmp
c:\programdata\llizfaa.tmp
c:\programdata\lmslaaa.tmp
c:\programdata\lpeikaa.tmp
c:\programdata\lqgqaaa.tmp
c:\programdata\lqijlba.tmp
c:\programdata\lqqbhaa.tmp
c:\programdata\ltgepba.tmp
c:\programdata\lxsloaa.tmp
c:\programdata\lympaaa.tmp
c:\programdata\mcaozaa.tmp
c:\programdata\mdcagaa.tmp
c:\programdata\mechrba.tmp
c:\programdata\medigaa.tmp
c:\programdata\megjnaa.tmp
c:\programdata\mepefaa.tmp
c:\programdata\mgvhlba.tmp
c:\programdata\miscvaa.tmp
c:\programdata\mlizfaa.tmp
c:\programdata\mmslaaa.tmp
c:\programdata\mpeikaa.tmp
c:\programdata\mqgqaaa.tmp
c:\programdata\mqijlba.tmp
c:\programdata\mqqbhaa.tmp
c:\programdata\mtgepba.tmp
c:\programdata\mwatuaa.tmp
c:\programdata\mwoamaa.tmp
c:\programdata\mxsloaa.tmp
c:\programdata\mympaaa.tmp
c:\programdata\ncaozaa.tmp
c:\programdata\ndcagaa.tmp
c:\programdata\nedigaa.tmp
c:\programdata\nepefaa.tmp
c:\programdata\nlizfaa.tmp
c:\programdata\npeikaa.tmp
c:\programdata\nwatuaa.tmp
c:\programdata\nwoamaa.tmp
c:\programdata\nxsloaa.tmp
c:\programdata\obarbba.tmp
c:\programdata\ocaozaa.tmp
c:\programdata\odcagaa.tmp
c:\programdata\oedigaa.tmp
c:\programdata\oepefaa.tmp
c:\programdata\olizfaa.tmp
c:\programdata\onobqaa.tmp
c:\programdata\opeikaa.tmp
c:\programdata\opfxcaa.tmp
c:\programdata\oTEgArsEo7ELIu.exe
c:\programdata\ovgxoaa.tmp
c:\programdata\owatuaa.tmp
c:\programdata\owoamaa.tmp
c:\programdata\oxsloaa.tmp
c:\programdata\pbarbba.tmp
c:\programdata\pcaozaa.tmp
c:\programdata\pedigaa.tmp
c:\programdata\pepefaa.tmp
c:\programdata\pnobqaa.tmp
c:\programdata\ppfxcaa.tmp
c:\programdata\pvgxoaa.tmp
c:\programdata\pwatuaa.tmp
c:\programdata\pwoamaa.tmp
c:\programdata\qbarbba.tmp
c:\programdata\qcaozaa.tmp
c:\programdata\qedigaa.tmp
c:\programdata\qepefaa.tmp
c:\programdata\qnobqaa.tmp
c:\programdata\qobmaaa.tmp
c:\programdata\qpfxcaa.tmp
c:\programdata\qvgxoaa.tmp
c:\programdata\qwatuaa.tmp
c:\programdata\qwoamaa.tmp
c:\programdata\rbarbba.tmp
c:\programdata\rekuaaa.tmp
c:\programdata\rnobqaa.tmp
c:\programdata\robmaaa.tmp
c:\programdata\rpfxcaa.tmp
c:\programdata\rvgxoaa.tmp
c:\programdata\sbarbba.tmp
c:\programdata\sdywnaa.tmp
c:\programdata\snobqaa.tmp
c:\programdata\snzbpaa.tmp
c:\programdata\sobmaaa.tmp
c:\programdata\spfxcaa.tmp
c:\programdata\svgxoaa.tmp
c:\programdata\szrsbba.tmp
c:\programdata\szxzeaa.tmp
c:\programdata\tdywnaa.tmp
c:\programdata\tnzbpaa.tmp
c:\programdata\tobmaaa.tmp
c:\programdata\ttkrxaa.tmp
c:\programdata\tzrsbba.tmp
c:\programdata\tzxzeaa.tmp
c:\programdata\udywnaa.tmp
c:\programdata\uefavaa.tmp
c:\programdata\uenajba.tmp
c:\programdata\unzbpaa.tmp
c:\programdata\uobmaaa.tmp
c:\programdata\uungaba.tmp
c:\programdata\uzrsbba.tmp
c:\programdata\uzxzeaa.tmp
c:\programdata\vdywnaa.tmp
c:\programdata\vefavaa.tmp
c:\programdata\vepnwaa.tmp
c:\programdata\vibrfaa.tmp
c:\programdata\vnzbpaa.tmp
c:\programdata\vungaba.tmp
c:\programdata\vzrsbba.tmp
c:\programdata\wdywnaa.tmp
c:\programdata\wefavaa.tmp
c:\programdata\wenajba.tmp
c:\programdata\wepnwaa.tmp
c:\programdata\whppcba.tmp
c:\programdata\wibrfaa.tmp
c:\programdata\wjwnmba.tmp
c:\programdata\wnzbpaa.tmp
c:\programdata\wungaba.tmp
c:\programdata\wzrsbba.tmp
c:\programdata\wzspaaa.tmp
c:\programdata\wzxzeaa.tmp
c:\programdata\xefavaa.tmp
c:\programdata\xenajba.tmp
c:\programdata\xepnwaa.tmp
c:\programdata\xhppcba.tmp
c:\programdata\xibrfaa.tmp
c:\programdata\xjwnmba.tmp
c:\programdata\xungaba.tmp
c:\programdata\xxbydaa.tmp
c:\programdata\xzspaaa.tmp
c:\programdata\ycfqaaa.tmp
c:\programdata\yefavaa.tmp
c:\programdata\yenajba.tmp
c:\programdata\yepnwaa.tmp
c:\programdata\yhppcba.tmp
c:\programdata\yibrfaa.tmp
c:\programdata\yjwnmba.tmp
c:\programdata\yqeliaa.tmp
c:\programdata\ysbswka.tmp
c:\programdata\yungaba.tmp
c:\programdata\yxbydaa.tmp
c:\programdata\yzspaaa.tmp
c:\programdata\Z@!-4ad37df4-42e8-4cb4-8e93-d345e3a0bdac.tmp
c:\programdata\zcfqaaa.tmp
c:\programdata\zhppcba.tmp
c:\programdata\zjwnmba.tmp
c:\programdata\zqeliaa.tmp
c:\programdata\zsbswka.tmp
c:\programdata\zugveaa.tmp
c:\programdata\zxbydaa.tmp
c:\programdata\zzspaaa.tmp
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Brent\Desktop\System Check.lnk
c:\users\Brent\Documents\sol.exe
c:\users\Brent\Documents\spider.exe
c:\users\Brent\g2mdlhlpx.exe
c:\windows\$NtUninstallKB46542$
c:\windows\$NtUninstallKB46542$\3480255166\L\xadqgnnk
c:\windows\$NtUninstallKB46542$\3480255166\lsflt7.ver
c:\windows\$NtUninstallKB46542$\3480255166\U\00000001.@
c:\windows\$NtUninstallKB46542$\3480255166\U\00000002.@
c:\windows\$NtUninstallKB46542$\3480255166\U\00000004.@
c:\windows\$NtUninstallKB46542$\3480255166\U\80000000.@
c:\windows\$NtUninstallKB46542$\3480255166\U\80000004.@
c:\windows\$NtUninstallKB46542$\3480255166\U\80000032.@
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
c:\windows\win1048.tmp
c:\windows\win10F9.tmp
c:\windows\win128E.tmp
c:\windows\win13F.tmp
c:\windows\win14E0.tmp
c:\windows\win156D.tmp
c:\windows\win15AB.tmp
c:\windows\win1666.tmp
c:\windows\win17E5.tmp
c:\windows\win17F4.tmp
c:\windows\win1883.tmp
c:\windows\win18B0.tmp
c:\windows\win18B9.tmp
c:\windows\win1911.tmp
c:\windows\win19D.tmp
c:\windows\win1AEA.tmp
c:\windows\win1B61.tmp
c:\windows\win1BD7.tmp
c:\windows\win1D29.tmp
c:\windows\win1D43.tmp
c:\windows\win1D57.tmp
c:\windows\win1DC1.tmp
c:\windows\win1DFB.tmp
c:\windows\win1E87.tmp
c:\windows\win200E.tmp
c:\windows\win21EF.tmp
c:\windows\win2249.tmp
c:\windows\win22FD.tmp
c:\windows\win2396.tmp
c:\windows\win2408.tmp
c:\windows\win2539.tmp
c:\windows\win25B3.tmp
c:\windows\win265E.tmp
c:\windows\win291E.tmp
c:\windows\win294D.tmp
c:\windows\win2AA3.tmp
c:\windows\win2B96.tmp
c:\windows\win2C34.tmp
c:\windows\win2C52.tmp
c:\windows\win2C5A.tmp
c:\windows\win2CB2.tmp
c:\windows\win2D2A.tmp
c:\windows\win2E5B.tmp
c:\windows\win2E9A.tmp
c:\windows\win2F12.tmp
c:\windows\win2F2.tmp
c:\windows\win30E4.tmp
c:\windows\win30F9.tmp
c:\windows\win3108.tmp
c:\windows\win310D.tmp
c:\windows\win315D.tmp
c:\windows\win31CF.tmp
c:\windows\win32F3.tmp
c:\windows\win33EE.tmp
c:\windows\win340C.tmp
c:\windows\win34B3.tmp
c:\windows\win3619.tmp
c:\windows\win363C.tmp
c:\windows\win3737.tmp
c:\windows\win37C9.tmp
c:\windows\win395.tmp
c:\windows\win3963.tmp
c:\windows\win39E8.tmp
c:\windows\win3A0F.tmp
c:\windows\win3B6.tmp
c:\windows\win3B79.tmp
c:\windows\win3CDE.tmp
c:\windows\win3DF8.tmp
c:\windows\win3E83.tmp
c:\windows\win3F56.tmp
c:\windows\win3FF3.tmp
c:\windows\win4014.tmp
c:\windows\win401A.tmp
c:\windows\win4063.tmp
c:\windows\win40DB.tmp
c:\windows\win425B.tmp
c:\windows\win4327.tmp
c:\windows\win434.tmp
c:\windows\win4485.tmp
c:\windows\win44DD.tmp
c:\windows\win4527.tmp
c:\windows\win46C3.tmp
c:\windows\win47CD.tmp
c:\windows\win4805.tmp
c:\windows\win481A.tmp
c:\windows\win494.tmp
c:\windows\win49BB.tmp
c:\windows\win49E9.tmp
c:\windows\win49FC.tmp
c:\windows\win4AD8.tmp
c:\windows\win4B6A.tmp
c:\windows\win4D43.tmp
c:\windows\win4DFE.tmp
c:\windows\win4FF.tmp
c:\windows\win509E.tmp
c:\windows\win50EE.tmp
c:\windows\win5262.tmp
c:\windows\win5317.tmp
c:\windows\win53B3.tmp
c:\windows\win53BC.tmp
c:\windows\win53C4.tmp
c:\windows\win5404.tmp
c:\windows\win560.tmp
c:\windows\win560C.tmp
c:\windows\win5672.tmp
c:\windows\win567C.tmp
c:\windows\win5707.tmp
c:\windows\win57B7.tmp
c:\windows\win5817.tmp
c:\windows\win588E.tmp
c:\windows\win58AD.tmp
c:\windows\win592F.tmp
c:\windows\win59A2.tmp
c:\windows\win5A4E.tmp
c:\windows\win5B8D.tmp
c:\windows\win5B8E.tmp
c:\windows\win5D9A.tmp
c:\windows\win5DA9.tmp
c:\windows\win5E5B.tmp
c:\windows\win5E7A.tmp
c:\windows\win5E94.tmp
c:\windows\win5F1B.tmp
c:\windows\win6113.tmp
c:\windows\win61AF.tmp
c:\windows\win6201.tmp
c:\windows\win6415.tmp
c:\windows\win645F.tmp
c:\windows\win654B.tmp
c:\windows\win6661.tmp
c:\windows\win66E7.tmp
c:\windows\win6754.tmp
c:\windows\win675D.tmp
c:\windows\win6766.tmp
c:\windows\win67C5.tmp
c:\windows\win6825.tmp
c:\windows\win69EB.tmp
c:\windows\win6A1D.tmp
c:\windows\win6A42.tmp
c:\windows\win6B15.tmp
c:\windows\win6C04.tmp
c:\windows\win6C5E.tmp
c:\windows\win6C73.tmp
c:\windows\win6DDF.tmp
c:\windows\win6F5D.tmp
c:\windows\win7019.tmp
c:\windows\win709D.tmp
c:\windows\win7189.tmp
c:\windows\win721B.tmp
c:\windows\win72BC.tmp
c:\windows\win738B.tmp
c:\windows\win739.tmp
c:\windows\win74E3.tmp
c:\windows\win75EC.tmp
c:\windows\win762E.tmp
c:\windows\win782F.tmp
c:\windows\win7843.tmp
c:\windows\win79C4.tmp
c:\windows\win7A51.tmp
c:\windows\win7AF6.tmp
c:\windows\win7B0.tmp
c:\windows\win7B07.tmp
c:\windows\win7B0E.tmp
c:\windows\win7B5C.tmp
c:\windows\win7B66.tmp
c:\windows\win7DAC.tmp
c:\windows\win7DBE.tmp
c:\windows\win7E02.tmp
c:\windows\win7EB6.tmp
c:\windows\win803B.tmp
c:\windows\win809E.tmp
c:\windows\win810E.tmp
c:\windows\win813B.tmp
c:\windows\win816.tmp
c:\windows\win83F8.tmp
c:\windows\win83F9.tmp
c:\windows\win849C.tmp
c:\windows\win852A.tmp
c:\windows\win85BC.tmp
c:\windows\win85C4.tmp
c:\windows\win867C.tmp
c:\windows\win8799.tmp
c:\windows\win87B9.tmp
c:\windows\win88D2.tmp
c:\windows\win899D.tmp
c:\windows\win89DF.tmp
c:\windows\win8BC3.tmp
c:\windows\win8C0F.tmp
c:\windows\win8E01.tmp
c:\windows\win8E37.tmp
c:\windows\win8EA7.tmp
c:\windows\win8EED.tmp
c:\windows\win8F99.tmp
c:\windows\win8FB3.tmp
c:\windows\win915D.tmp
c:\windows\win9160.tmp
c:\windows\win91CD.tmp
c:\windows\win91E2.tmp
c:\windows\win926.tmp
c:\windows\win92E4.tmp
c:\windows\win944.tmp
c:\windows\win949.tmp
c:\windows\win94C7.tmp
c:\windows\win96E7.tmp
c:\windows\win97A9.tmp
c:\windows\win97E7.tmp
c:\windows\win986C.tmp
c:\windows\win9929.tmp
c:\windows\win996D.tmp
c:\windows\win997.tmp
c:\windows\win9A1E.tmp
c:\windows\win9AE5.tmp
c:\windows\win9C73.tmp
c:\windows\win9CD1.tmp
c:\windows\win9D4E.tmp
c:\windows\win9DC9.tmp
c:\windows\win9E31.tmp
c:\windows\win9FCF.tmp
c:\windows\winA0C4.tmp
c:\windows\winA1B.tmp
c:\windows\winA1F7.tmp
c:\windows\winA210.tmp
c:\windows\winA238.tmp
c:\windows\winA286.tmp
c:\windows\winA2CD.tmp
c:\windows\winA41F.tmp
c:\windows\winA501.tmp
c:\windows\winA52D.tmp
c:\windows\winA5A2.tmp
c:\windows\winA5BC.tmp
c:\windows\winA637.tmp
c:\windows\winA685.tmp
c:\windows\winA77C.tmp
c:\windows\winA8A6.tmp
c:\windows\winAB3F.tmp
c:\windows\winAB6A.tmp
c:\windows\winABC6.tmp
c:\windows\winAC1B.tmp
c:\windows\winAC5C.tmp
c:\windows\winAD0E.tmp
c:\windows\winAD47.tmp
c:\windows\winADBF.tmp
c:\windows\winAE6.tmp
c:\windows\winAEBC.tmp
c:\windows\winAEF3.tmp
c:\windows\winB0B1.tmp
c:\windows\winB0FF.tmp
c:\windows\winB16A.tmp
c:\windows\winB370.tmp
c:\windows\winB41A.tmp
c:\windows\winB551.tmp
c:\windows\winB5B7.tmp
c:\windows\winB5E9.tmp
c:\windows\winB656.tmp
c:\windows\winB68D.tmp
c:\windows\winB7EE.tmp
c:\windows\winB8A2.tmp
c:\windows\winB8C9.tmp
c:\windows\winB8CE.tmp
c:\windows\winB963.tmp
c:\windows\winB97D.tmp
c:\windows\winBA65.tmp
c:\windows\winBAF1.tmp
c:\windows\winBB3C.tmp
c:\windows\winBB6E.tmp
c:\windows\winBC1.tmp
c:\windows\winBF3A.tmp
c:\windows\winBFA6.tmp
c:\windows\winC01E.tmp
c:\windows\winC0A0.tmp
c:\windows\winC0F8.tmp
c:\windows\winC160.tmp
c:\windows\winC2C3.tmp
c:\windows\winC338.tmp
c:\windows\winC4A0.tmp
c:\windows\winC4BF.tmp
c:\windows\winC4DB.tmp
c:\windows\winC717.tmp
c:\windows\winC75C.tmp
c:\windows\winC76F.tmp
c:\windows\winC896.tmp
c:\windows\winC912.tmp
c:\windows\winC988.tmp
c:\windows\winCA07.tmp
c:\windows\winCA3E.tmp
c:\windows\winCBBE.tmp
c:\windows\winCC9E.tmp
c:\windows\winCD14.tmp
c:\windows\winCD4D.tmp
c:\windows\winCDE1.tmp
c:\windows\winCE16.tmp
c:\windows\winCE27.tmp
c:\windows\winCEFC.tmp
c:\windows\winD2BE.tmp
c:\windows\winD357.tmp
c:\windows\winD4A9.tmp
c:\windows\winD4AE.tmp
c:\windows\winD501.tmp
c:\windows\winD72F.tmp
c:\windows\winD78.tmp
c:\windows\winD841.tmp
c:\windows\winD867.tmp
c:\windows\winD9A6.tmp
c:\windows\winD9AE.tmp
c:\windows\winD9ED.tmp
c:\windows\winDA82.tmp
c:\windows\winDAFD.tmp
c:\windows\winDB20.tmp
c:\windows\winDCB3.tmp
c:\windows\winDD48.tmp
c:\windows\winDDA8.tmp
c:\windows\winDDE8.tmp
c:\windows\winDDEF.tmp
c:\windows\winDE3A.tmp
c:\windows\winDF0.tmp
c:\windows\winE03F.tmp
c:\windows\winE059.tmp
c:\windows\winE0C4.tmp
c:\windows\winE12C.tmp
c:\windows\winE1C8.tmp
c:\windows\winE1E6.tmp
c:\windows\winE23D.tmp
c:\windows\winE2BD.tmp
c:\windows\winE367.tmp
c:\windows\winE68E.tmp
c:\windows\winE708.tmp
c:\windows\winE8A3.tmp
c:\windows\winE8B7.tmp
c:\windows\winE90B.tmp
c:\windows\winE98.tmp
c:\windows\winEAAF.tmp
c:\windows\winEAFD.tmp
c:\windows\winEBF2.tmp
c:\windows\winEC09.tmp
c:\windows\winEC37.tmp
c:\windows\winED6F.tmp
c:\windows\winED9E.tmp
c:\windows\winEDB5.tmp
c:\windows\winEE23.tmp
c:\windows\winEEC1.tmp
c:\windows\winF074.tmp
c:\windows\winF0E9.tmp
c:\windows\winF1.tmp
c:\windows\winF149.tmp
c:\windows\winF1BF.tmp
c:\windows\winF3CE.tmp
c:\windows\winF40F.tmp
c:\windows\winF439.tmp
c:\windows\winF475.tmp
c:\windows\winF4B5.tmp
c:\windows\winF52B.tmp
c:\windows\winF530.tmp
c:\windows\winF5A8.tmp
c:\windows\winF65E.tmp
c:\windows\winF66.tmp
c:\windows\winF6F8.tmp
c:\windows\winFA3F.tmp
c:\windows\winFAB9.tmp
c:\windows\winFC53.tmp
c:\windows\winFC97.tmp
c:\windows\winFCCB.tmp
c:\windows\winFECD.tmp
c:\windows\winFF5.tmp
c:\windows\winFFAA.tmp
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!explorer.exe
.
Infected copy of c:\windows\System32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
Infected copy of c:\windows\System32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!explorer.exe
Infected copy of c:\windows\System32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
Infected copy of c:\windows\System32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 15:48 . 2012-01-27 15:52 -------- d-----w- c:\users\Brent\AppData\Local\temp
2012-01-27 15:48 . 2012-01-27 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-27 01:50 . 2009-07-23 05:13 306 ----a-w- c:\windows\myClean.bat
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-22 18:46 . 2012-01-25 20:46 -------- d-----w- c:\program files\C4528
2012-01-22 18:46 . 2012-01-25 20:14 -------- d-----w- c:\users\Brent\AppData\Roaming\AC6C4
2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 15:50 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
2012-01-26 13:54 . 2012-01-26 13:54 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-09 14:34 . 2011-12-09 14:34 0 ----a-w- c:\users\Brent\AppData\Local\BITCE20.tmp
2011-12-01 17:47 . 2011-12-01 17:47 0 ----a-w- c:\users\Brent\AppData\Local\BIT3EC5.tmp
2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:38 . 2012-01-11 19:59 1288472 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 05:32 . 2012-01-17 15:23 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 05:29 . 2012-01-17 15:23 22528 ----a-w- c:\windows\system32\lsass.exe
2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-25 02:31 . 2011-09-26 14:31 44 ------w- c:\program files\d345a5c1.tmp
2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-05-14 39816]
"{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
"Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"EasyMessage"="c:\program files\Easy Message\em2.exe" [2004-06-27 538624]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
.
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: apptix.net\mail
Trusted Zone: collaborationhost.com\vynamic
Trusted Zone: localima.org\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: tgelite.com\labtech
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4992)
c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SAgent4.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\cscript.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-27 11:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 16:03
.
Pre-Run: 76,990,345,216 bytes free
Post-Run: 77,314,449,408 bytes free
.
- - End Of File - - 9701FCA25CB15068E518D6EB05238F7A
 
It appears that you may have multiple infections and that they have been on the system for a while.
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click OK to close the Local Area Network (LAN) Settings window.
    o Click OK to close the Internet Options window.
=================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code box below into it. Be sure you copy all of the text.
Code:
File::
KillAll::
c:\users\Brent\AppData\Local\BITCE20.tmp
c:\users\Brent\AppData\Local\BIT3EC5.tmp
c:\windows\system32\PerfStringBackup.TMP
c:\program files\d345a5c1.tmp
DDS::
Trusted Zone: apptix.net\mail
Trusted Zone: collaborationhost.com\vynamic
Trusted Zone: localima.org\www
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: tgelite.com\labtech
mRun: [EasyMessage] c:\program files\easy message\em2.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
SubSystems: Windows = winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
=====================================
Can you identify any of the following?
2012-01-25 20:46 -------- d-----w- c:\program files\C4528
2012-01-25 20:14 -------- d-----w- c:\users\Brent\AppData\Roaming\AC6C4
2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-07-23 05:13 306 ----a-w- c:\windows\myClean.bat
=====================================
Because of the extent of the infection, I'd like you to run the following:
  • Download OTL from one of the links below and save it to your desktop.
    OTL.exe
    OTL.com
    OTL.scr
    You just need one. Sometimes the file extension gets blocked.

    Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  • Double click the OTL icon to run it.
    OTL_icon.gif
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
==================================
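The proxy settings the helper asks to reset above are visible in the ComboFix log itself: the per-user WinINet ProxyServer and the Firefox network.proxy.* prefs both point at 127.0.0.1:59616, so every browser request on the machine was being relayed through a local process. The script below is an added example, not part of this thread and not ComboFix or OTL code; it parses the proxy lines from a constructed copy of the log's "Supplementary Scan" section (values copied from the thread) and flags loopback proxies, so the same check can be run over any such log before and after cleanup. The regex and function names are this example's own.

```python
import re
from ipaddress import ip_address

# Constructed sample log lines, modelled on the 'Supplementary Scan'
# section of the ComboFix log posted in this thread (values copied from
# the thread; this is not captured tool output).
SAMPLE_LOG = """\
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 1
"""

# Line shapes ComboFix/DDS use for the per-user WinINet proxy and for
# Firefox prefs.js entries (regexes written for this example).
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<name>network\.proxy\.\S+)\s*-\s*(?P<value>\S+)")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def parse_wininet_proxy(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    WinINet accepts either 'host:port' (used for every protocol) or a
    ';'-separated list of 'scheme=host:port' entries such as
    'http=127.0.0.1:59616'. A missing scheme is reported as '*'.
    """
    entries = []
    for part in filter(None, value.split(";")):
        scheme, _, hostport = part.rpartition("=")  # scheme is '' when absent
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def triage_proxy_settings(log_text):
    """Parse browser proxy lines from a log and flag loopback proxies.

    Returns a dict: 'ie_proxies' (parsed WinINet entries), 'ff_prefs'
    (Firefox network.proxy.* values) and 'findings' (readable alerts).
    """
    ie_proxies = []
    ff_prefs = {}
    for line in log_text.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            ie_proxies.extend(parse_wininet_proxy(m.group("value")))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group("name")] = m.group("value")

    findings = []
    loopback_ports = set()
    for scheme, host, port in ie_proxies:
        if is_loopback(host):
            findings.append(
                f"IE/WinINet proxy {scheme}={host}:{port} points at the local "
                f"machine: browser traffic is relayed through a local process")
            loopback_ports.add(port)

    ff_host = ff_prefs.get("network.proxy.http")
    ff_port = ff_prefs.get("network.proxy.http_port", "")
    # network.proxy.type 1 means 'manual proxy configuration' in Firefox.
    if ff_prefs.get("network.proxy.type") == "1" and ff_host and is_loopback(ff_host):
        findings.append(
            f"Firefox manual proxy {ff_host}:{ff_port} points at the local machine")
        if ff_port in loopback_ports:
            findings.append(
                f"Both browsers use local port {ff_port}: a single local "
                f"interceptor is configured for all browsing")

    return {"ie_proxies": ie_proxies, "ff_prefs": ff_prefs, "findings": findings}


if __name__ == "__main__":
    result = triage_proxy_settings(SAMPLE_LOG)
    for finding in result["findings"]:
        print("!", finding)
    if not result["findings"]:
        print("no loopback proxy configured")
```

A loopback proxy is not proof of infection on its own (local filtering or debugging proxies use the same mechanism), so the script only reports what is configured; the useful signal in this thread is that both browsers were pointed at the same unexplained local port, and that the setting should be gone from a fresh log after the proxy reset.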
 
Next steps complete

Thanks, finished doing exactly the steps you requested:

As for those 6 entries, I do not recognize any of them.

ComboFix 12-01-26.01 - Brent 01/27/2012 13:38:42.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1656 [GMT -5:00]
Running from: c:\users\Brent\Desktop\ComboFix.exe
Command switches used :: c:\users\Brent\Desktop\CFScript.txt
FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\easy message\em2.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 18:49 . 2012-01-27 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 15:48 . 2012-01-27 18:52 -------- d-----w- c:\users\Brent\AppData\Local\temp
2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-27 01:50 . 2009-07-23 05:13 306 ----a-w- c:\windows\myClean.bat
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-22 18:46 . 2012-01-25 20:46 -------- d-----w- c:\program files\C4528
2012-01-22 18:46 . 2012-01-25 20:14 -------- d-----w- c:\users\Brent\AppData\Roaming\AC6C4
2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 15:23 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 15:23 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-11 19:59 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 18:51 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
2012-01-26 13:54 . 2012-01-26 13:54 800234 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-09 14:34 . 2011-12-09 14:34 0 ----a-w- c:\users\Brent\AppData\Local\BITCE20.tmp
2011-12-01 17:47 . 2011-12-01 17:47 0 ----a-w- c:\users\Brent\AppData\Local\BIT3EC5.tmp
2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-25 02:31 . 2011-09-26 14:31 44 ------w- c:\program files\d345a5c1.tmp
2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-05-14 39816]
"{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
"Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
.
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
uInternet Settings,ProxyServer = http=127.0.0.1:59616
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3452)
c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SAgent4.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\igfxext.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe
c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-27 14:03:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 19:03
ComboFix2.txt 2012-01-27 16:03
.
Pre-Run: 77,258,399,744 bytes free
Post-Run: 77,245,448,192 bytes free
.
- - End Of File - - 062F2360538DFC767E7D78ECB362461B
 
OTL logs

OTL logfile created on: 1/27/2012 2:05:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brent\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 54.01% Memory free
6.91 Gb Paging File | 5.28 Gb Available in Paging File | 76.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 72.01 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
Drive E: | 489.84 Mb Total Space | 321.47 Mb Free Space | 65.63% Space Free | Partition Type: FAT
Unable to calculate disk information.

Computer Name: VYNAMIC040 | User Name: Brent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\LTSvc\LTTray.exe (LabTech Software)
PRC - C:\Users\Brent\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\LTSvc\LTSvcMon.exe (LabTech Software)
PRC - C:\Windows\LTSvc\LTSVC.exe (LabTech Software)
PRC - C:\Program Files\Yammer\Yammer.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\SAgent4.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll ()
MOD - C:\Program Files\Yammer\Yammer.exe ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
MOD - C:\Windows\System32\wxvault.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\Wavx_ESC_Logging.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (LTSvcMon) -- C:\Windows\LTSvc\LTSvcMon.exe (LabTech Software)
SRV - (LTService) -- C:\Windows\LTSVC\LTSVC.exe (LabTech Software)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (buttonsvc32) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (StatusAgent4) -- C:\Windows\System32\SAgent4.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (rixdpcie) -- C:\Windows\system32\DRIVERS\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\system32\DRIVERS\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\system32\DRIVERS\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59616

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?sourceid=navclient&ie=UTF-8"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59616
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Brent\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brent\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brent\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/27 13:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 13:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Brent\AppData\Roaming\Move Networks [2009/12/17 21:45:34 | 000,000,000 | ---D | M]

[2010/12/18 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brent\AppData\Roaming\mozilla\Extensions
[2012/01/27 13:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brent\AppData\Roaming\mozilla\Firefox\Profiles\bwy2t5l6.default\extensions
[2011/06/07 15:13:51 | 000,000,000 | ---D | M] (Google Reader Watcher) -- C:\Users\Brent\AppData\Roaming\mozilla\Firefox\Profiles\bwy2t5l6.default\extensions\grwatcher@ajnasz.hu
[2012/01/27 13:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 12:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 08:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 15:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/12/17 21:45:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BRENT\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/27 13:51:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tlr.webex.com/client/T26L/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabCCT https://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED}: DhcpNameServer = 10.232.53.29 10.232.53.30 10.232.53.11 10.232.53.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D21D20D7-5BBE-485B-BA3C-2734D8B9A433}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 14:04:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brent\Desktop\OTL.exe
[2012/01/27 13:51:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 13:36:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/27 13:35:52 | 004,389,542 | R--- | C] (Swearware) -- C:\Users\Brent\Desktop\ComboFix.exe
[2012/01/27 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/27 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Local\temp
[2012/01/27 10:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/27 09:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/01/26 21:00:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/26 21:00:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/26 21:00:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/26 21:00:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/26 21:00:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/26 08:53:11 | 000,000,000 | ---D | C] -- C:\Users\Brent\Desktop\$PLUGINSDIR
[2012/01/25 14:53:32 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Roaming\Malwarebytes
[2012/01/25 14:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/25 14:52:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/25 14:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/25 14:50:08 | 000,135,781 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe
[2012/01/22 13:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\C4528
[2012/01/22 13:46:14 | 000,000,000 | ---D | C] -- C:\Users\Brent\AppData\Roaming\AC6C4
[2012/01/18 15:27:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/11/11 20:19:54 | 021,457,192 | ---- | C] (Dell, Inc.) -- C:\Users\Brent\AppData\Roaming\DRVR_WIN_R267814.EXE
[2 C:\Users\Brent\AppData\Local\*.tmp files -> C:\Users\Brent\AppData\Local\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 14:06:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
[2012/01/27 14:00:52 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 14:00:52 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 13:54:12 | 000,000,931 | ---- | M] () -- C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2012/01/27 13:51:14 | 000,000,000 | ---- | M] () -- C:\Users\Brent\AppData\Local\WavXMapDrive.bat
[2012/01/27 13:51:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/27 13:50:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 13:50:27 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/01/27 13:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 13:50:16 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 13:32:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brent\Desktop\OTL.exe
[2012/01/27 13:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 12:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
[2012/01/26 09:33:06 | 004,389,542 | R--- | M] (Swearware) -- C:\Users\Brent\Desktop\ComboFix.exe
[2012/01/25 14:53:21 | 000,001,097 | ---- | M] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/25 14:53:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 14:50:09 | 000,135,781 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe
[2012/01/25 13:03:05 | 483,553,789 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/25 10:53:05 | 000,000,679 | ---- | M] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/23 21:07:51 | 000,002,407 | ---- | M] () -- C:\Users\Brent\Desktop\Google Chrome.lnk
[2012/01/22 14:10:34 | 000,001,472 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/11 15:02:31 | 000,663,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/11 15:02:31 | 000,122,058 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 08:24:24 | 000,001,003 | ---- | M] () -- C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/02 08:24:23 | 000,001,023 | ---- | M] () -- C:\Users\Brent\Desktop\Dropbox.lnk
[2012/01/02 08:07:26 | 000,431,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\Brent\AppData\Local\*.tmp files -> C:\Users\Brent\AppData\Local\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

More OTL logs

========== Files Created - No Company Name ==========

[2012/01/26 21:00:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/26 21:00:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/26 21:00:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/26 21:00:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/26 21:00:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/26 20:50:55 | 000,000,306 | ---- | C] () -- C:\Windows\myClean.bat
[2012/01/26 17:36:42 | 000,002,653 | ---- | C] () -- C:\Users\Public\Desktop\TrueKat Show.lnk
[2012/01/26 17:36:42 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/26 17:36:42 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/26 17:36:42 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2012/01/26 17:36:42 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 610 Info Center.lnk
[2012/01/26 17:36:42 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/01/26 17:36:42 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Yammer.lnk
[2012/01/26 17:36:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression for Kodak.lnk
[2012/01/26 17:36:41 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Kodak zi8 Camera.lnk
[2012/01/26 17:36:41 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Maxtor Manager.lnk
[2012/01/26 17:36:41 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/26 17:36:41 | 000,001,584 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/01/26 17:36:41 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\MapPI v4.4.lnk
[2012/01/26 17:36:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/01/26 17:36:40 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/26 17:36:40 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2012/01/26 17:36:40 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\GPScraper 2011.lnk
[2012/01/26 17:36:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/01/26 17:36:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\FB Leads Maker.lnk
[2012/01/26 17:36:40 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/01/26 17:36:38 | 000,002,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
[2012/01/26 17:36:38 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/01/26 17:36:38 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/26 17:36:38 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/01/26 17:36:14 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/01/26 17:36:14 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/01/26 17:36:14 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/26 17:36:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/26 17:36:14 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/26 17:36:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/26 17:36:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/26 17:36:14 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
[2012/01/26 17:36:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/26 17:36:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/26 17:36:14 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
[2012/01/26 17:36:14 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012/01/26 17:36:14 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domain Samurai.lnk
[2012/01/26 17:36:14 | 000,000,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yammer.lnk
[2012/01/26 17:36:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/26 17:36:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/01/26 17:36:13 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/01/26 17:36:13 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/01/26 17:36:13 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CherryPicker.lnk
[2012/01/25 16:48:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/01/25 14:53:21 | 000,001,097 | ---- | C] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/25 14:53:20 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 11:16:50 | 000,001,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
[2012/01/25 10:53:05 | 000,000,679 | ---- | C] () -- C:\Users\Brent\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/19 09:01:27 | 000,007,601 | ---- | C] () -- C:\Users\Brent\AppData\Local\Resmon.ResmonCfg
[2011/12/09 09:34:17 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\{2C032905-C0CB-4459-8AA3-F5B10B1B217A}
[2011/12/01 12:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\{6172FEA0-F9FC-4AC4-B9C8-185DA1FE33AC}
[2011/11/27 14:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/11/15 15:26:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/15 11:43:44 | 000,200,908 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/22 08:44:41 | 000,001,472 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 16:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/04/28 14:52:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/01 19:43:50 | 000,000,434 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/01/13 15:39:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/02 16:29:56 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/01/02 16:29:56 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/01/02 16:29:56 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/01/02 16:29:56 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/01/02 16:29:56 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/01/02 16:29:56 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/01/02 16:29:56 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/01/02 16:29:56 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/01/02 16:29:56 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/01/02 16:29:56 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/01/02 16:29:56 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/01/02 16:29:56 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/01/02 16:29:56 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/01/02 16:29:56 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/01/02 16:29:56 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/01/02 16:29:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/02 16:28:29 | 000,000,089 | ---- | C] () -- C:\Windows\EPWF610.ini
[2009/12/13 15:00:59 | 000,038,456 | ---- | C] () -- C:\Users\Brent\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/12/10 18:49:40 | 000,002,638 | ---- | C] () -- C:\Users\Brent\AppData\Roaming\ACT_23615883.prf
[2009/12/05 12:16:36 | 000,000,000 | ---- | C] () -- C:\Users\Brent\AppData\Local\WavXMapDrive.bat
[2009/11/25 19:03:16 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/11/25 19:03:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/11/25 19:03:15 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/11/25 19:03:15 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/11/25 19:03:14 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/11/25 17:23:49 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/11/25 17:23:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/11/25 17:20:20 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2009/11/25 17:18:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/27 13:15:32 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,431,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,663,222 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,122,058 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/05 16:41:18 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2009/06/05 16:41:18 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2009/06/05 16:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2009/06/05 16:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2009/06/05 16:41:16 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2009/06/05 16:41:14 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2009/06/05 16:41:14 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2009/06/05 16:41:12 | 000,581,632 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2009/06/05 16:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2009/06/05 16:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2009/06/05 16:41:10 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
[2009/06/05 16:41:10 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll
[2009/06/05 16:41:10 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
[2009/06/05 16:41:08 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
[2009/06/05 16:41:08 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
[2009/06/05 16:41:08 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
[2009/06/05 16:41:06 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll
[2009/06/05 16:41:06 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll
[2009/06/05 16:41:04 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll
[2009/06/05 16:41:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll
[2009/06/05 16:41:04 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll
[2009/06/05 16:41:04 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll
[2009/06/05 16:41:02 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll
[2009/06/05 16:41:00 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll
[2009/06/05 16:31:18 | 000,561,152 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2009/06/03 14:08:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2009/06/03 14:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2009/06/03 14:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2009/06/03 14:08:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2009/06/03 14:08:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2009/06/03 14:08:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2009/06/03 14:08:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2009/06/03 14:08:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2009/06/03 14:08:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2009/06/03 14:08:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2009/06/03 14:08:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2009/06/03 14:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2009/06/03 14:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2009/06/03 14:08:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2009/06/03 14:08:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2009/06/03 14:08:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2009/06/03 14:08:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2009/06/03 14:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2009/06/03 14:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2009/06/03 14:08:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2009/06/03 14:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2009/06/03 14:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2009/06/03 14:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2009/06/03 14:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/06/03 13:07:50 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2009/05/05 11:34:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/06/30 13:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== LOP Check ==========

[2012/01/25 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\AC6C4
[2010/03/09 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\acccore
[2011/01/02 20:22:19 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\AnvSoft
[2011/02/14 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Auto Click Profits
[2010/10/06 16:08:29 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Blackberry Desktop
[2009/12/05 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Broadcom
[2010/07/21 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\CherryPickerLive
[2012/01/13 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\CoreFTP
[2010/04/02 11:39:48 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/01/27 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Dropbox
[2010/08/24 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Epson
[2011/09/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\FileZilla
[2011/10/26 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\GPScraper
[2011/05/13 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\GPScraper.com
[2011/05/14 11:43:59 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\gtk-2.0
[2010/01/02 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Leadertech
[2010/02/22 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/05/11 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Notepad++
[2010/03/21 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Nvu
[2010/10/06 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Research In Motion
[2011/06/10 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Software Defender
[2010/03/09 10:07:43 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Trillian
[2009/12/05 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Wave Systems Corp
[2010/11/09 14:06:57 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\webex
[2011/09/07 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Brent\AppData\Roaming\Yammer
[2012/01/27 09:59:46 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2012/01/25 14:50:09 | 000,135,781 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.60.0.1800.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >
 
Extras log

OTL Extras logfile created on: 1/27/2012 2:05:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brent\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 54.01% Memory free
6.91 Gb Paging File | 5.28 Gb Available in Paging File | 76.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 72.01 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
Drive E: | 489.84 Mb Total Space | 321.47 Mb Free Space | 65.63% Space Free | Partition Type: FAT
Unable to calculate disk information.

Computer Name: VYNAMIC040 | User Name: Brent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{195F69A5-A4A0-421C-AC4B-2B2471C34037}" = VZAccess Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{2EC50DB6-D8C2-4BBD-833A-942FCE58B71B}_is1" = FB Leads Maker version 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{38536E0D-4F6F-2856-3237-53D8530A332C}" = Yammer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53EB2E32-9248-4001-866A-EA5543195B14}_is1" = Auto Click Profits 1.0.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5E71355B-A8DB-5291-BDF7-872A2109AC6B}" = Market Samurai
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BC271BA-C4ED-4BDA-8D80-437C0919F3E6}" = Verizon Wireless MiFi-2200 Firmware Updates
"{6CFF5E43-FDDA-CCCE-8D1F-3BA9F4BA6410}" = Domain Samurai
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73526D5A-2468-4C3F-838E-829644A32259}" = NicheSensei
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{742F404D-6C21-41B1-AA94-DFEDA68C53A8}" = GPScraper 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7CF713-805E-420A-9289-4F2ED155923E}_is1" = Tweet Siphon 1.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C15DFAE3-5B48-48DF-B889-21441333CC22}" = TrueKat Show
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D416328F-D3ED-4DFD-A8E0-C31466E8E039}" = Tube Toolbox
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DCC8DA46-5386-1941-7065-3FDB3C7BD0F6}" = CherryPicker
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8951905-B0E2-46E3-8881-5C20EAE8B00B}" = GPScraper 2011
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED481F57-C329-46DB-949F-F24811C13904}" = YPScraper
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA56E1F9-7269-4383-BAE8-A2FF7097C4B5}_is1" = MapPI v4.4 version 4.4
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"7-Zip" = 7-Zip 4.65
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AI RoboForm" = AI RoboForm (All Users)
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.1.7
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CherryPickerLive" = CherryPicker
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
"Core FTP LE 2.1" = Core FTP LE 2.1
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Facebook FriendAdder" = Facebook FriendAdder
"Golf Solitaire_is1" = Golf Solitaire 1.1.0
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0PR
"Picasa 3" = Picasa 3
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"PRJSTD" = Microsoft Office Project Standard 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"Quick Search Box" = Google Quick Search Box
"Sierra Utilities" = Sierra Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Underachiever Secrets_is1" = Underachiever Secrets
"VISSTD" = Microsoft Office Visio Standard 2007
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yammer" = Yammer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2012 2:51:29 PM | Computer Name = Vynamic040 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

[ System Events ]
Error - 1/27/2012 2:38:10 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/27/2012 2:38:14 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/27/2012 2:43:59 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/27/2012 2:50:27 PM | Computer Name = Vynamic040 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:49:39 PM on 1/27/2012 was unexpected.

Error - 1/27/2012 2:50:33 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 1/27/2012 2:50:35 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/27/2012 2:50:58 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/27/2012 2:50:59 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/27/2012 2:56:02 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7022
Description = The Windows Search service hung on starting.

Error - 1/27/2012 2:56:13 PM | Computer Name = Vynamic040 | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
 
Is it looking any better after this last round?

Hey Bobbye, whenever you check this thread again, I just wanted to ask a follow-up question. In your last reply, you mentioned I had multiple infections that have been here a while, and I guess I just did not see the effects of them until I got the System Check malware infection. How can I check for these things in the future if I don't see symptoms?

Thanks for all of your help! I am truly grateful.
 
You are welcome - I'm glad to help. We'll talk about having layers of security to help prevent the malware, and I will give you suggestions and links. As part of that, I want to check the following:

Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the contents of that document.

I hope to get a better idea of just what McAfee you have. I note you're running McAfee® Security-as-a-Service (SaaS), which was in Beta testing, then in Trial, but no dates for final release were available. It appears to be a Beta program. This is *Not compatible with McAfee Firewall Protection* per McAfee. But the ComboFix header shows SaaS FW: McAfee® Security-as-a-Service *Enabled*. I see you also show McAfee Security Scan Plus installed.
========================================
One of the Services is usually damaged by this infection, so let's check them:

Please download Farbar Service Scanner
  • Check Include all files option
  • Press the Scan button
  • Log named FSS.txt will be created in the same directory as the tool
  • Please paste the log into your next reply
=======================================
I have some script set up for you to run in Combofix also:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
Code:
File::
c:\windows\myClean.bat
c:\windows\system32\PerfStringBackup.TMP
c:\users\Brent\AppData\Local\BITCE20.tmp
c:\users\Brent\AppData\Local\BIT3EC5.tmp
c:\program files\d345a5c1.tmp
DDS::
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
mRun: [EasyMessage] c:\program files\easy message\em2.exe
FileLook::
c:\windows\system32\lsasrv.dll
c:\windows\system32\lsass.exe
Folder::
c:\users\Default\AppData\Local\temp
c:\users\Brent\AppData\Local\temp
c:\program files\C4528
c:\users\Brent\AppData\Roaming\AC6C4
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,55,7f,b5,ae,96,8c,46,87,6e,d6,\

Registry::
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Logs in next reply please.
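As an added example for the follow-up question above (how to check for this kind of thing when there are no symptoms), here is a small Python triage over DDS/ComboFix-style report lines. It is not ComboFix's code and not part of Bobbye's post. It flags the two findings the CFScript's DDS:: section is dealing with: IE ProxyServer/ProxyOverride entries and Firefox network.proxy.* prefs that point at a loopback port (the System Check rogue's way of sitting between the browser and the network), and UAC policy values in the policies\system key set to 0. The sample report lines are constructed, modelled on the logs in this thread; the function names are mine.

```python
"""Triage of DDS/ComboFix-style report lines for two things this thread turns
on: a browser proxy pointed at a loopback port (how the System Check rogue
intercepts web traffic) and UAC policy values switched off.  Added example,
not ComboFix's code and not part of the original post; the sample lines are
constructed, modelled on the posted logs."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the DDS:: section of the CFScript and the
# "Reg Loading Points" block of a ComboFix log.
SAMPLE_REPORT = """\
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:59616
mRun: [EasyMessage] c:\\program files\\easy message\\em2.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 0
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

_IE_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")
_FF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")
_UAC_RE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(\d+)')
_LOOPBACK_RE = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)(?::(\d+))?$", re.I)


def _loopback(token: str) -> Optional[Tuple[str, Optional[int]]]:
    """(host, port) if the token names this machine, else None.  Accepts IE's
    'scheme=host:port' form as well as a bare 'host[:port]'."""
    token = token.strip().split("=", 1)[-1]
    m = _LOOPBACK_RE.match(token)
    if not m:
        return None
    return m.group(1), (int(m.group(2)) if m.group(2) else None)


def find_loopback_proxies(lines: List[str]) -> List[Dict[str, object]]:
    """Flag IE ProxyServer/ProxyOverride entries and Firefox network.proxy.*
    prefs that route traffic through a listener on the local host."""
    findings: List[Dict[str, object]] = []
    ff: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        m = _IE_RE.match(line)
        if m:
            key, value = m.groups()
            for token in value.split(";"):
                hit = _loopback(token)
                if hit:
                    # DDS does not print ProxyEnable, so whether IE is
                    # actually using the entry cannot be read from the report.
                    findings.append({"source": f"IE {key}", "host": hit[0],
                                     "port": hit[1], "enabled": None})
            continue
        m = _FF_RE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()
    # network.proxy.type 1 = manual proxy in use.  Any other value leaves the
    # host/port behind as residue that goes live again if the type flips back.
    manual = ff.get("network.proxy.type") == "1"
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = ff.get(f"network.proxy.{scheme}")
        if host and _loopback(host):
            port = ff.get(f"network.proxy.{scheme}_port")
            findings.append({"source": f"Firefox network.proxy.{scheme}",
                             "host": host, "port": int(port) if port else None,
                             "enabled": manual})
    return findings


def find_uac_weakening(lines: List[str]) -> List[str]:
    """Names of UAC policy values set to 0.  EnableLUA=0 turns UAC off,
    ConsentPromptBehaviorAdmin=0 elevates administrators without any prompt,
    PromptOnSecureDesktop=0 shows prompts on the normal desktop where other
    software can drive them."""
    return [m.group(1) for m in (_UAC_RE.match(l.strip()) for l in lines)
            if m and int(m.group(2)) == 0]


def triage(report: str) -> Dict[str, object]:
    lines = report.splitlines()
    return {"loopback_proxies": find_loopback_proxies(lines),
            "uac_weakened": find_uac_weakening(lines)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run it against a saved DDS or ComboFix log instead of SAMPLE_REPORT to get the same two lists. A loopback proxy on an odd high port with no local proxy software installed, or EnableLUA at 0 on a machine nobody deliberately configured that way, is the kind of silent change worth asking about even when the browser seems to work.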
 
Next round of logs

ComboFix 12-01-26.01 - Brent 01/30/2012 20:32:53.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1954 [GMT -5:00]
Running from: c:\users\Brent\Desktop\ComboFix.exe
Command switches used :: c:\users\Brent\Desktop\CFScript.txt.txt
FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
* Created a new restore point
.
FILE ::
"c:\program files\d345a5c1.tmp"
"c:\users\Brent\AppData\Local\BIT3EC5.tmp"
"c:\users\Brent\AppData\Local\BITCE20.tmp"
"c:\windows\myClean.bat"
"c:\windows\system32\PerfStringBackup.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\C4528
c:\program files\C4528\lvvmu.exe
c:\program files\d345a5c1.tmp
c:\users\Brent\AppData\Local\BIT3EC5.tmp
c:\users\Brent\AppData\Local\BITCE20.tmp
c:\users\Brent\AppData\Local\temp\~DF283728F393B31DF5.TMP
c:\users\Brent\AppData\Local\temp\~DF3747C31EB465E265.TMP
c:\users\Brent\AppData\Local\temp\~DFE5759C72A59B6EAC.TMP
c:\users\Brent\AppData\Local\temp\A9RF8CD.tmp
c:\users\Brent\AppData\Local\temp\alm.log
c:\users\Brent\AppData\Local\temp\amt.log
c:\users\Brent\AppData\Local\temp\catchme.dll
c:\users\Brent\AppData\Local\temp\citrixlogs\G2MInst.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MIMessenger_g2mlauncher.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MIMessenger_skype.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MOutlookAddin.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\G2MOutlookAddin_util.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\log13FC.tmp\G2MStart.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\457\log13FC.tmp\GoToMeeting_00.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MIMessenger_g2mlauncher.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MOutlookAddin.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\G2MOutlookAddin_util.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\G2MStart-running-80c.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\G2MStart.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\723\logF5B2.tmp\GoToMeeting_00.log
c:\users\Brent\AppData\Local\temp\citrixlogs\gotomeeting\880\logE0FA.tmp\G2MStart-running-2210.log
c:\users\Brent\AppData\Local\temp\citrixlogs\queue.xml
c:\users\Brent\AppData\Local\temp\ExchangePerflog_8484fa31880a91a4e52d0f01.dat
c:\users\Brent\AppData\Local\temp\FXSAPIDebugLogFile.txt
c:\users\Brent\AppData\Local\temp\GoogleQuickSearchBox.log
c:\users\Brent\AppData\Local\temp\msohtmlclip1\01\clip_colorschememapping.xml
c:\users\Brent\AppData\Local\temp\msohtmlclip1\01\clip_themedata.thmx
c:\users\Brent\AppData\Local\temp\qtsingleapp-camera-a689-1-lockfile
c:\users\Brent\AppData\Local\temp\qtsingleapp-lwsexe-d03c-1-lockfile
c:\users\Brent\AppData\Roaming\AC6C4
c:\users\Brent\AppData\Roaming\AC6C4\4528.C6C
c:\users\Brent\g2mdlhlpx.exe
c:\users\Default\AppData\Local\temp
c:\windows\myClean.bat
c:\windows\system32\PerfStringBackup.TMP
c:\users\Brent\AppData\Local\temp . . . . Failed to delete
c:\users\Brent\AppData\Local\temp\LTTray.dat . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-27 15:48 . 2012-01-31 01:47 -------- d-----w- c:\users\Brent\AppData\Local\temp
2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 01:45 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:01 . 2012-01-11 19:59 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:38 . 2012-01-11 19:59 1288472 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:35 . 2012-01-17 15:23 314880 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:34 . 2012-01-17 15:23 100352 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:34 . 2012-01-17 15:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:34 . 2012-01-17 15:23 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-17 15:23 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 05:32 . 2012-01-17 15:23 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 05:29 . 2012-01-17 15:23 22528 ----a-w- c:\windows\system32\lsass.exe
2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35 . 2011-12-19 02:47 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-19 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-19 02:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\lsasrv.dll ---
Company: Microsoft Corporation
File Description: LSA Server DLL
File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsasrv.dll.mui
File size: 1038848
Created time: 2012-01-17 15:23
Modified time: 2011-11-17 05:32
MD5: C95CA687D32DDAB1C91E1122E80D5E16
SHA1: 112E21A659C80EC12F42CE105D770D366ADDDBBA
.
.
--- c:\windows\system32\lsass.exe ---
Company: Microsoft Corporation
File Description: Local Security Authority Process
File Version: 6.1.7601.17725 (win7sp1_gdr.111116-1503)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
File size: 22528
Created time: 2012-01-17 15:23
Modified time: 2011-11-17 05:29
MD5: 81951F51E318AECC2D68559E47485CC4
SHA1: D49245356DD4DC5E8F64037E4DC385355882A340
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-05-31 39816]
"{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
"Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
.
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: tgelite.com\labtech
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59616
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
FF - Ext: Google Reader Watcher: grwatcher@ajnasz.hu - %profile%\extensions\grwatcher@ajnasz.hu
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(532)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(7992)
c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SAgent4.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe
c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-01-30 20:58:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 01:58
ComboFix2.txt 2012-01-27 19:03
ComboFix3.txt 2012-01-27 16:03
.
Pre-Run: 78,427,914,240 bytes free
Post-Run: 78,379,073,536 bytes free
.
- - End Of File - - 05E37F0823EE68513953902EEAC68359
 
Farbar Service Scanner Version: 18-01-2012 01
Ran by Brent (administrator) on 30-01-2012 at 20:26:42
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2012-01-27 10:47] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Java version out of date!
Mozilla Firefox (3.6.17) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
For any of the scans where you are instructed to disable the security, you are also told to re-enable it when the scan is finished.

It would be helpful if you told me what problems have been resolved and what, if any, remain.
=========================================
OTL Custom Scan Fixes

  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59616
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: grwatcher@ajnasz.hu:1.4.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..network.proxy.http_port: 59616
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    [2010/12/20 12:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/14 08:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/10 15:08:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabCCT https://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A738B7-03B3-47B9-9727-51289FA76CED}: DhcpNameServer = 10.232.53.29
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2012/01/26 20:50:55 | 000,000,306 | ---- | C] () -- C:\Windows\myClean.bat
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    Folder [explore] -- Reg Error: Value error.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    
    :Files
    
    :Commands
    [purity]
    [emptyflash]
    [emptyjava]
    [resethosts]
    [CreateRestorePoint]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Errors

I ran this code in OTL but it keeps hanging with this line showing:

Processing Registry data helpfile [open]--Reg Key error...

Not sure what to do.

Thanks,
Brent
 
ComboFix Results

Something weird popped up, a "system check" type window, so I killed it using Task Manager and it did not come back. I ran ComboFix so I could show you any recent files that have been on my machine; a few look concerning.

I hope this helps. Thanks.

=======================

ComboFix 12-01-26.01 - Brent 02/04/2012 18:40:19.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2390 [GMT -5:00]
Running from: c:\users\Brent\Desktop\ComboFix.exe
FW: McAfee® Security-as-a-Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 23:41 . 2012-02-04 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-04 20:57 . 2012-02-04 20:57 -------- d-----w- C:\_OTL
2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\bgogcmym.exe
2012-02-04 20:23 . 2012-02-04 20:23 323072 ----a-w- c:\users\Brent\AppData\Local\utmcwk.exe
2012-02-02 00:33 . 2012-02-02 17:19 60304 ----a-w- c:\users\Brent\g2mdlhlpx.exe
2012-01-27 15:48 . 2012-02-04 23:42 -------- d-----w- c:\users\Brent\AppData\Local\temp
2012-01-27 15:47 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-----w- c:\programdata\McAfee
2012-01-27 13:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\users\Brent\AppData\Roaming\Malwarebytes
2012-01-25 19:53 . 2012-01-25 19:53 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:52 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 19:52 . 2012-01-25 19:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 19:50 . 2012-01-25 19:50 135781 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-17 15:23 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 15:23 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 15:23 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 15:23 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-17 15:23 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 15:23 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-17 15:23 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-17 15:23 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-17 15:23 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 15:23 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-16 15:07 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-16 15:01 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-11 19:59 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:59 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:58 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:58 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 01:45 . 2009-12-05 17:16 0 ----a-w- c:\users\Brent\AppData\Local\WavXMapDrive.bat
2011-12-19 18:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-24 04:25 . 2011-12-19 02:47 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 16:53 . 2011-05-15 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-02-18 15:35 . 2011-02-18 15:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-05-31 39816]
"{E8951905-B0E2-46E3-8881-5C20EAE8B00B}"="c:\windows\system32\msiexec.exe" [2010-11-20 73216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
"Akamai NetSession Interface"="c:\users\Brent\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"WorkForce 610(Network)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE" [2009-01-26 199680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4562944]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-09 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-18 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-02 160328]
.
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Brent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-10-15 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-11-25 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-11-15 1126728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-03 29472]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-06-15 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LTService;TechGuides Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-15 8713032]
S2 LTSvcMon;TechGuides Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-11-15 98120]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 15:07]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003Core.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3248735208-1846752271-3406580854-1003UA.job
- c:\users\Brent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-18 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: tgelite.com\labtech
TCP: DhcpNameServer = 192.168.1.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn1.appliedsystems.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Brent\AppData\Roaming\Mozilla\Firefox\Profiles\bwy2t5l6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brent\AppData\Roaming\Move Networks
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(532)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(336)
c:\users\Brent\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-02-04 18:44:03
ComboFix-quarantined-files.txt 2012-02-04 23:44
ComboFix2.txt 2012-01-31 01:58
ComboFix3.txt 2012-01-27 19:03
ComboFix4.txt 2012-01-27 16:03
.
Pre-Run: 80,890,531,840 bytes free
Post-Run: 80,738,213,888 bytes free
.
- - End Of File - - A7211E20B0CF5DA0A9986BD5E9034FEA
 
Combofix ran in Reduced Functionality Mode. Did you get a screen like this when you ran it the last time?
[image: activation1.jpg]


From Microsoft:
Reduced Functionality Mode, Windows 7:
Once activated, a client must reactivate every six months. Despite what you may have read elsewhere, there's no reduced functionality mode in Windows 7. If the activation key expires, the desktop background simply goes black and a notification balloon states that the operating system isn't genuine.

So something must need to be reactivated. There is still malware on the system, but we need to find the activation problem and fix it before trying to run more scripts in ComboFix.

Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
Next, look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
 