Inactive Cisco issue: The vpn client was unable to setup IP filtering

Status
Not open for further replies.
C

carlyk

This error just started happening and I believe it's due to some malware I picked up the other day. I thought I properly removed it. Here are my logs:

Malware
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8404

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/20/2011 1:06:14 PM
mbam-log-2011-12-20 (13-06-14).txt

Scan type: Quick scan
Objects scanned: 199185
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\carly.kaufman\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 13:57:27
Windows 6.1.7601 Service Pack 1
Running: yuekg61g.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268e4a24d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c60768b2c95
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268e4a24d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c60768b2c95 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\temp\7e06d6e2-37fb-467d-9228-9b8fb85d7f9a.tmp 0 bytes
File C:\Windows\temp\5f42564b-8969-4a38-91ac-590a7e7f9189.tmp 0 bytes
File C:\Windows\temp\b209c5bf-f6d1-41eb-9aa9-5920f9d05324.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by carly.kaufman at 13:57:46 on 2011-12-20
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8088.5394 [GMT -7:00]
.
AV: AVG Anti-Virus Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lxedcoms.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [DBISQL9] "C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
uRun: [SybaseCentral43] "C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Cisco Unified Personal Communicator] "C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\CUPC.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files (x86)\MozyPro\mozyprostat.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
IE: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: google.com\mail
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/Upload.CAB
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/ScriptX.cab
DPF: {3E059DAB-6894-435C-B758-2977F014D734} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/TClientProc.CAB
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://parivedasolutions1.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=xpe1eyvg1jfezaq0itsw4l55&ControlID=acbad67086914735b69b25b12c58522b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/TWorkflowMapX.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\051627B614675623 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\361627C69716E64627F69646 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\775656E69637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB1BB9B7-1BEE-407B-8ADD-A6EB1BB3E60D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\0716274616C6 : DhcpNameServer = 192.168.100.150 10.10.19.41
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\2375942554133353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\261687475627D646 : DhcpNameServer = 4.2.2.3 4.2.2.5 4.2.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\E4F414D4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\F46756274627966756D2931314 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 mozyproFilter;mozyproFilter;C:\Windows\system32\DRIVERS\mozypro.sys --> C:\Windows\system32\DRIVERS\mozypro.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-3-28 308136]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-2 353672]
R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2009-5-4 79672]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-9-22 210792]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 MSSQL$CRM;SQL Server (CRM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;C:\Windows\system32\DRIVERS\ndiscdp.sys --> C:\Windows\system32\DRIVERS\ndiscdp.sys [?]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-9-22 2084712]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-8-16 592120]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\system32\DRIVERS\vna.sys --> C:\Windows\system32\DRIVERS\vna.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleeserv.exe [2010-10-7 33448]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxedserv.exe [2010-12-24 45736]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-8-12 164200]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-8-31 30192]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-8-12 75112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2011-12-20 19:42:14 -------- d-----w- C:\MGlogs
2011-12-20 19:37:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-20 18:57:20 -------- d-----w- C:\MGtools
2011-12-20 18:27:26 98816 ----a-w- C:\Windows\sed.exe
2011-12-20 18:27:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-20 18:27:26 256000 ----a-w- C:\Windows\PEV.exe
2011-12-20 18:27:26 208896 ----a-w- C:\Windows\MBR.exe
2011-12-20 18:19:43 2442533 ----a-w- C:\MGtools.exe
2011-12-20 18:00:30 -------- d-----w- C:\Program Files (x86)\Cisco
2011-12-19 23:06:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-12-19 23:06:01 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-12-19 23:05:57 -------- d-----w- C:\Program Files\Oracle
2011-12-19 21:55:54 -------- d-----w- C:\Users\Carly.Kaufman\VirtualBox VMs
2011-12-19 21:48:08 -------- d-----w- C:\Users\Carly.Kaufman\.VirtualBox
2011-12-16 23:17:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-16 22:07:12 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\SUPERAntiSpyware.com
2011-12-16 22:07:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-16 22:06:20 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Malwarebytes
2011-12-16 22:05:59 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 22:05:55 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-16 22:05:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-15 22:25:26 -------- d-----w- C:\ProgramData\Xerox
2011-12-15 03:26:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 03:15:36 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 03:15:34 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 03:15:34 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 03:15:21 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 03:15:21 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 18:19:42 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\C2PublicFoldersSyncAddin
2011-12-13 18:16:56 -------- d-----w- C:\Program Files (x86)\CodeTwo
2011-12-12 21:11:05 -------- d-----w- C:\Users\Carly.Kaufman\Lync Recordings
2011-12-12 21:03:39 -------- d-----w- C:\Program Files\Microsoft Lync
2011-12-12 21:03:35 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
2011-12-12 21:02:57 -------- d-----w- C:\Users\Carly.Kaufman\Tracing
2011-12-12 21:02:57 -------- d-----w- C:\Program Files (x86)\OCSetup
2011-12-07 19:38:30 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2011-12-07 19:19:02 58432 ----a-r- C:\Windows\System32\CdpNotify.dll
2011-12-07 19:19:02 29248 ----a-r- C:\Windows\System32\drivers\Ndiscdp.sys
2011-12-07 18:07:40 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Cisco
2011-12-07 18:00:25 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Local\Downloaded Installations
2011-12-07 17:51:00 -------- d-----w- C:\Program Files (x86)\Yammer
2011-12-05 00:11:33 -------- d-----w- C:\ProgramData\VS
2011-12-04 23:39:45 -------- d-----w- C:\Windows\System32\SPReview
2011-12-04 23:38:34 -------- d-----w- C:\Windows\System32\EventProviders
2011-12-04 23:35:16 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:35:16 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:31:00 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
2011-12-04 23:31:00 109416 ----a-w- C:\Windows\System32\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
.
==================== Find3M ====================
.
2011-12-20 18:45:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-12-20 18:10:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-05 07:45:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-05 07:45:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-04 19:37:00 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-11-04 19:37:00 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-11-04 19:36:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-23 04:07:34 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2011-09-23 04:06:04 3171176 ----a-w- C:\Windows\System32\sqlncli10.dll
2011-09-23 04:01:54 312168 ----a-w- C:\Windows\System32\drivers\RsFx0104.sys
2011-09-23 04:01:54 311144 ----a-w- C:\Windows\System32\drivers\RsFx0105.sys
2011-09-23 03:09:36 42344 ----a-w- C:\Windows\System32\DTSPipelinePerf100.dll
2011-09-23 00:18:58 2570088 ----a-w- C:\Windows\SysWow64\sqlncli10.dll
2011-09-22 22:42:48 32616 ----a-w- C:\Windows\SysWow64\DTSPipelinePerf100.dll
2006-02-05 03:46:06 679936 ----a-w- C:\Program Files (x86)\Crm Trace Log Viewer.exe
.
============= FINISH: 13:58:41.89 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Attach.txt part of DDS is missing so post that.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2010 1:02:57 PM
System Uptime: 12/20/2011 1:07:12 PM (0 hours ago)
.
Motherboard: LENOVO | | 406235U
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 2128/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 15.347 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.957 GiB free.
E: is FIXED (NTFS) - 112 GiB total, 51.142 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1E9DBD12&0&03F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1E9DBD12&0&03F0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0002
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0002
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&B88B683&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&B88B683&0&2
Service: BthPan
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Hands-free Audio
Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Service: btwaudio
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1E9DBD12&0&04F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1E9DBD12&0&04F0
Service:
.
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Description: Bluetooth L2CAP Interface
Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Manufacturer: Broadcom Corp.
Name: Bluetooth L2CAP Interface
PNP Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Service: btwl2cap
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
Service: btwrchid
.
==== System Restore Points ===================
.
RP272: 12/20/2011 11:00:18 AM - Installed Cisco AnyConnect VPN Client
RP273: 12/20/2011 11:07:40 AM - Removed Java(TM) 6 Update 22
RP274: 12/20/2011 11:10:24 AM - Installed Java(TM) 6 Update 30
RP275: 12/20/2011 11:13:47 AM - Removed harmon.ie for SharePoint
RP276: 12/20/2011 11:14:36 AM - Removed EasyTether
RP277: 12/20/2011 11:15:12 AM - Removed Picaboo X
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
AnkhSVN 2.1.8420.8
Apple Application Support
Apple Software Update
AVG 9.0
Balsamiq Mockups For Desktop
BI Documenter
BIDS Helper 2008 1.4.3.0
Check Point SSL Network Extender
Cisco AnyConnect VPN Client
Cisco Unified Personal Communicator
CodeTwo FolderSync Addin
Crystal Reports Basic for Visual Studio 2008
Crystal Reports for Visual Studio
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Doro 1.35
Dotfuscator Software Services - Community Edition
Dropbox
eReg
FHTM.RSPro.Reports.Template
Google Desktop
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 4.8.0.723
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2538241)
Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971092)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Java Auto Updater
Java(TM) 6 Update 30
JGoodies JDiskReport 1.3.2
K-Lite Codec Pack 4.0.0 (Full)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Document Explorer 2008
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (CRM)
Microsoft SQL Server 2008 Books Online (English)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2008 Team Explorer - ENU
Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Team System 2008 Development Edition - ENU
Microsoft Visual Studio Team System 2008 Development Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Move Media Player
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
No-IP DUC
Notepad++
NotesLink
Pandora
Picasa 3
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2251487)
Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972222)
Skype™ 5.0
SQL Anywhere Studio 9, Documentation
SQL Anywhere Studio 9, Software
SQL Pretty Printer for SQL Server Management Studio
Sybase InfoMaker 10.5
ThinkPad Power Manager
Trillian
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office Project 2007 Help (KB957248)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB957251)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Visual Studio 2008 Team Explorer - ENU (KB974558)
Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB974558)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VBoxHeadlessTray
VC Runtimes MSI
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WCF RIA Services V1.0 SP1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Wisdom-soft Set up ScreenHunter 5.1 Free
XML Notepad 2007
Yammer
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
12/20/2011 12:38:48 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
12/20/2011 11:43:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/20/2011 11:41:00 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/20/2011 10:47:23 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
12/20/2011 10:47:23 AM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 10:36:10 AM, Error: Service Control Manager [7030] - The Cisco AnyConnect VPN Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/20/2011 1:15:45 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
12/20/2011 1:12:34 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
12/20/2011 1:12:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/20/2011 1:11:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/20/2011 1:10:46 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/20/2011 1:10:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/20/2011 1:10:15 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/20/2011 1:09:14 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.
12/20/2011 1:09:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/20/2011 1:09:14 PM, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 1:08:58 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the dleeCATSCustConnectService service to connect.
12/20/2011 1:08:58 PM, Error: Service Control Manager [7000] - The dleeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 1:08:55 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/20/2011 1:08:54 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/20/2011 1:08:51 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain PARIVEDA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/20/2011 1:08:04 PM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
12/20/2011 1:08:04 PM, Error: amdkmdag [43029] - Display is not active
12/19/2011 3:43:03 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/19/2011 3:35:43 PM, Error: Service Control Manager [7024] - The SQL Server (CRM) service terminated with service-specific error The specified resource name cannot be found in the image file..
12/19/2011 3:04:40 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the SQL Server VSS Writer service to connect.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7001] - The Intel(R) Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the path specified.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The UltraMon Utility Driver service failed to start due to the following error: The media is write protected.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The system cannot find the path specified.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\LOCAL SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The ReportServer service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:37 PM, Error: Service Control Manager [7001] - The SQL Server Agent (MSSQLSERVER) service depends on the SQL Server (MSSQLSERVER) service which failed to start because of the following error: The service did not start due to a logon failure.
12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQLSERVER service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQL$SQLEXPRESS service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQL$CRM service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (CRM) service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: A system shutdown is in progress.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Microsoft Online Services Sign-in Assistant service failed to start due to the following error: The pipe has been ended.
12/19/2011 3:04:34 PM, Error: Service Control Manager [7038] - The MsDtsServer100 service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/19/2011 3:04:34 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the lxed_device service to connect.
12/19/2011 3:04:34 PM, Error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not start due to a logon failure.
12/19/2011 3:04:34 PM, Error: Service Control Manager [7000] - The lxed_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2011 3:04:33 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The pipe has been ended.
12/19/2011 3:04:27 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
12/15/2011 1:33:11 PM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
12/14/2011 9:41:51 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
askMBR

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 20:41:05
-----------------------------
20:41:05.348 OS Version: Windows x64 6.1.7601 Service Pack 1
20:41:05.348 Number of processors: 2 586 0x170A
20:41:05.350 ComputerName: CKAUFMANDAL3 UserName:
20:41:07.377 Initialize success
20:42:01.460 AVAST engine defs: 11122001
20:43:23.060 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:43:23.071 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
20:43:23.077 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
20:43:23.084 Disk 1 Vendor: Corsair_ 1.0_ Size: 114473MB BusType: 3
20:43:23.098 Disk 0 MBR read successfully
20:43:23.105 Disk 0 MBR scan
20:43:23.121 Disk 0 Windows 7 default MBR code
20:43:23.130 Service scanning
20:43:24.941 Modules scanning
20:43:24.953 Disk 0 trace - called modules:
20:43:25.013 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:43:25.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d82760]
20:43:25.034 3 CLASSPNP.SYS[fffff88001b8543f] -> nt!IofCallDriver -> [0xfffffa8007c85040]
20:43:25.050 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007c86050]
20:43:26.597 AVAST engine scan C:\Windows
20:43:31.030 AVAST engine scan C:\Windows\system32
20:43:50.255 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:46:34.208 AVAST engine scan C:\Windows\system32\drivers
20:46:53.852 AVAST engine scan C:\Users\Carly.Kaufman
20:57:03.968 AVAST engine scan C:\ProgramData
20:58:17.454 Disk 0 MBR has been saved successfully to "C:\Users\Carly.Kaufman\Desktop\logs\MBR.dat"
20:58:17.457 The log file has been saved successfully to "C:\Users\Carly.Kaufman\Desktop\logs\aswMBR.txt"
 
ComboFix Log

ComboFix 11-12-20.04 - carly.kaufman 12/20/2011 21:51:21.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8088.6198 [GMT -7:00]
Running from: c:\users\Carly.Kaufman\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 05:04 . 2011-12-21 05:04 -------- d-----w- c:\users\MultiWindow\AppData\Local\temp
2011-12-21 05:04 . 2011-12-21 05:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 19:42 . 2011-12-20 19:42 -------- d-----w- C:\MGlogs
2011-12-20 18:57 . 2011-12-20 19:40 -------- d-----w- C:\MGtools
2011-12-20 18:11 . 2011-12-20 18:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-20 18:00 . 2011-12-20 18:00 -------- d-----w- c:\program files (x86)\Cisco
2011-12-19 23:06 . 2011-11-04 19:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 23:06 . 2011-11-04 19:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 23:05 . 2011-12-19 23:05 -------- d-----w- c:\program files\Oracle
2011-12-19 21:55 . 2011-12-19 23:08 -------- d-----w- c:\users\Carly.Kaufman\VirtualBox VMs
2011-12-19 21:48 . 2011-12-20 17:40 -------- d-----w- c:\users\Carly.Kaufman\.VirtualBox
2011-12-16 23:17 . 2011-12-16 23:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-16 22:07 . 2011-12-16 22:07 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\SUPERAntiSpyware.com
2011-12-16 22:07 . 2011-12-16 22:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-16 22:06 . 2011-12-16 22:06 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\Malwarebytes
2011-12-16 22:05 . 2011-12-16 22:05 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 22:05 . 2011-12-20 20:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-16 22:05 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 22:25 . 2011-12-15 22:25 -------- d-----w- c:\programdata\Xerox
2011-12-15 03:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 03:15 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 03:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 03:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 03:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 03:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 18:19 . 2011-12-13 18:19 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\C2PublicFoldersSyncAddin
2011-12-13 18:16 . 2011-12-13 18:16 -------- d-----w- c:\program files (x86)\CodeTwo
2011-12-12 21:11 . 2011-12-12 21:11 -------- d-----w- c:\users\Carly.Kaufman\Lync Recordings
2011-12-12 21:03 . 2011-12-12 21:03 -------- d-----w- c:\program files\Microsoft Lync
2011-12-12 21:03 . 2011-12-12 21:03 -------- d-----w- c:\program files (x86)\Microsoft Lync
2011-12-12 21:02 . 2011-12-21 04:45 -------- d-----w- c:\users\Carly.Kaufman\Tracing
2011-12-12 21:02 . 2011-12-12 21:02 -------- d-----w- c:\program files (x86)\OCSetup
2011-12-07 19:38 . 2011-12-07 19:38 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2011-12-07 19:19 . 2010-12-17 16:47 29248 ----a-r- c:\windows\system32\drivers\Ndiscdp.sys
2011-12-07 19:19 . 2010-12-17 16:47 58432 ----a-r- c:\windows\system32\CdpNotify.dll
2011-12-07 18:07 . 2011-12-07 18:07 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\Cisco
2011-12-07 18:00 . 2011-12-07 18:00 -------- d-----w- c:\users\Carly.Kaufman\AppData\Local\Downloaded Installations
2011-12-07 17:51 . 2011-12-07 17:51 -------- d-----w- c:\program files (x86)\Yammer
2011-12-05 00:11 . 2011-12-05 00:11 -------- d-----w- c:\programdata\VS
2011-12-04 23:39 . 2011-12-04 23:39 -------- d-----w- c:\windows\system32\SPReview
2011-12-04 23:38 . 2011-12-04 23:38 -------- d-----w- c:\windows\system32\EventProviders
2011-12-04 23:35 . 2011-09-23 04:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:35 . 2011-09-23 00:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:31 . 2011-09-23 04:06 109416 ----a-w- c:\windows\system32\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
2011-12-04 23:31 . 2011-09-23 00:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
2011-12-04 23:17 . 2011-12-04 23:17 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 19:40 . 2011-12-20 18:57 400445 ----a-w- C:\MGlogs.zip
2011-12-20 18:45 . 2010-08-13 15:17 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-20 18:10 . 2010-09-17 00:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-12 21:05 . 2010-07-20 12:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2011-12-06 07:00 . 2010-11-19 16:23 5115104 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-12-05 07:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-05 07:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-04 19:37 . 2011-11-04 19:37 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-11-04 19:37 . 2011-11-04 19:37 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-11-04 19:36 . 2011-11-04 19:36 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-09-29 16:29 . 2011-11-11 04:20 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-23 04:07 . 2010-08-16 21:28 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2011-09-23 04:06 . 2011-09-23 04:06 3171176 ----a-w- c:\windows\system32\sqlncli10.dll
2011-09-23 04:01 . 2011-09-23 04:01 312168 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
2011-09-23 04:01 . 2011-09-23 04:01 311144 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
2011-09-23 03:09 . 2011-09-23 03:09 42344 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
2011-09-23 00:18 . 2011-09-23 00:18 2570088 ----a-w- c:\windows\SysWow64\sqlncli10.dll
2011-09-22 22:42 . 2011-09-22 22:42 32616 ----a-w- c:\windows\SysWow64\DTSPipelinePerf100.dll
2006-02-05 03:46 . 2010-10-06 19:34 679936 ----a-w- c:\program files (x86)\Crm Trace Log Viewer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL9"="c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2005-04-21 135168]
"SybaseCentral43"="c:\program files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2005-04-01 102400]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"Cisco Unified Personal Communicator"="c:\program files (x86)\Cisco Systems\Unified Personal Communicator\CUPC.exe" [2010-10-08 4485968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2006-12-30 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSCRM"="c:\program files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2010-10-08 58216]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-11-16 12065056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Carly.Kaufman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
Yammer.lnk - c:\program files (x86)\Yammer\Yammer.exe [2011-12-7 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro\mozyprostat.exe [2011-2-8 4874040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-01-07 33448]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-14 45736]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-01 30192]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S1 mozyproFilter;mozyproFilter;c:\windows\system32\DRIVERS\mozypro.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-03 353672]
S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-01-07 1052328]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-14 1052328]
S2 mozyprobackup;MozyPro Backup Service;c:\program files\MozyPro\mozyprobackup.exe [2009-05-04 79672]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-09-23 210792]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
S2 MSSQL$CRM;SQL Server (CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\DRIVERS\ndiscdp.sys [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-23 2084712]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722649934-543905925-1528377701-1142Core.job
- c:\users\Carly.Kaufman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 03:25]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722649934-543905925-1528377701-1142UA.job
- c:\users\Carly.Kaufman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 03:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
@="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
[HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
@="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
[HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
@="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
[HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: C&all - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
IE: Call with &Edit... - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/Upload.CAB
DPF: {3E059DAB-6894-435C-B758-2977F014D734} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/TClientProc.CAB
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://parivedasolutions1.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=xpe1eyvg1jfezaq0itsw4l55&ControlID=acbad67086914735b69b25b12c58522b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/TWorkflowMapX.cab
FF - ProfilePath - c:\users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-20 22:08:11
ComboFix-quarantined-files.txt 2011-12-21 05:08
ComboFix2.txt 2011-12-20 18:48
.
Pre-Run: 18,413,740,032 bytes free
Post-Run: 18,352,128,000 bytes free
.
- - End Of File - - 8D3D4F43DBA5C9FFE27121CC9629EAF2
 
Except for the initial MBAM log I don't see anything malicious.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
 
Thanks for your help

Broni said:
Except for the initial MBAM log I don't see anything malicious.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
Click to expand...
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back