TechSpot

Cisco issue: The VPN client was unable to setup IP filtering

By carlyk
Dec 20, 2011
  1. This error just started happening and I believe it's due to some malware I picked up the other day. I thought I properly removed it. Here are my logs:

    Malware
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8404

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    12/20/2011 1:06:14 PM
    mbam-log-2011-12-20 (13-06-14).txt

    Scan type: Quick scan
    Objects scanned: 199185
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\carly.kaufman\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

    GMER
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-20 13:57:27
    Windows 6.1.7601 Service Pack 1
    Running: yuekg61g.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268e4a24d
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c60768b2c95
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268e4a24d (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c60768b2c95 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\temp\7e06d6e2-37fb-467d-9228-9b8fb85d7f9a.tmp 0 bytes
    File C:\Windows\temp\5f42564b-8969-4a38-91ac-590a7e7f9189.tmp 0 bytes
    File C:\Windows\temp\b209c5bf-f6d1-41eb-9aa9-5920f9d05324.tmp 0 bytes

    ---- EOF - GMER 1.0.15 ----

    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
    Run by carly.kaufman at 13:57:46 on 2011-12-20
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8088.5394 [GMT -7:00]
    .
    AV: AVG Anti-Virus Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\Windows\system32\dleecoms.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\AVG\AVG9\avgam.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lxedcoms.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
    C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\MozyPro\mozyprostat.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\MozyPro\mozyprobackup.exe
    C:\Program Files\MozyPro\mozyprobackup.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    uRun: [DBISQL9] "C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
    uRun: [SybaseCentral43] "C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [Cisco Unified Personal Communicator] "C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\CUPC.exe"
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files (x86)\MozyPro\mozyprostat.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
    IE: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: google.com\mail
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/Upload.CAB
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/ScriptX.cab
    DPF: {3E059DAB-6894-435C-B758-2977F014D734} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/TClientProc.CAB
    DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://parivedasolutions1.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=xpe1eyvg1jfezaq0itsw4l55&ControlID=acbad67086914735b69b25b12c58522b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/TWorkflowMapX.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\051627B614675623 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\361627C69716E64627F69646 : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\775656E69637 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AB1BB9B7-1BEE-407B-8ADD-A6EB1BB3E60D} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\0716274616C6 : DhcpNameServer = 192.168.100.150 10.10.19.41
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\2375942554133353 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\261687475627D646 : DhcpNameServer = 4.2.2.3 4.2.2.5 4.2.2.1
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\E4F414D4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\F46756274627966756D2931314 : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO-X64: Lync add-on BHO - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun-x64: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Carly.Kaufman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
    R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
    R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
    R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 mozyproFilter;mozyproFilter;C:\Windows\system32\DRIVERS\mozypro.sys --> C:\Windows\system32\DRIVERS\mozypro.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-3-28 308136]
    R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-2 353672]
    R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
    R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
    R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2009-5-4 79672]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-9-22 210792]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
    R2 MSSQL$CRM;SQL Server (CRM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
    R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;C:\Windows\system32\DRIVERS\ndiscdp.sys --> C:\Windows\system32\DRIVERS\ndiscdp.sys [?]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-9-22 2084712]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-8-16 592120]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    R3 VNA;Check Point Virtual Network Adapter;C:\Windows\system32\DRIVERS\vna.sys --> C:\Windows\system32\DRIVERS\vna.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleeserv.exe [2010-10-7 33448]
    S2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxedserv.exe [2010-12-24 45736]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-8-12 164200]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-8-31 30192]
    S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
    S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-8-12 75112]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== Created Last 30 ================
    .
    2011-12-20 19:42:14 -------- d-----w- C:\MGlogs
    2011-12-20 19:37:03 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-20 18:57:20 -------- d-----w- C:\MGtools
    2011-12-20 18:27:26 98816 ----a-w- C:\Windows\sed.exe
    2011-12-20 18:27:26 518144 ----a-w- C:\Windows\SWREG.exe
    2011-12-20 18:27:26 256000 ----a-w- C:\Windows\PEV.exe
    2011-12-20 18:27:26 208896 ----a-w- C:\Windows\MBR.exe
    2011-12-20 18:19:43 2442533 ----a-w- C:\MGtools.exe
    2011-12-20 18:00:30 -------- d-----w- C:\Program Files (x86)\Cisco
    2011-12-19 23:06:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2011-12-19 23:06:01 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2011-12-19 23:05:57 -------- d-----w- C:\Program Files\Oracle
    2011-12-19 21:55:54 -------- d-----w- C:\Users\Carly.Kaufman\VirtualBox VMs
    2011-12-19 21:48:08 -------- d-----w- C:\Users\Carly.Kaufman\.VirtualBox
    2011-12-16 23:17:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-12-16 22:07:12 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\SUPERAntiSpyware.com
    2011-12-16 22:07:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-12-16 22:06:20 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Malwarebytes
    2011-12-16 22:05:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-16 22:05:55 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-16 22:05:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-15 22:25:26 -------- d-----w- C:\ProgramData\Xerox
    2011-12-15 03:26:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 03:15:36 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 03:15:34 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 03:15:34 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 03:15:21 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 03:15:21 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-13 18:19:42 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\C2PublicFoldersSyncAddin
    2011-12-13 18:16:56 -------- d-----w- C:\Program Files (x86)\CodeTwo
    2011-12-12 21:11:05 -------- d-----w- C:\Users\Carly.Kaufman\Lync Recordings
    2011-12-12 21:03:39 -------- d-----w- C:\Program Files\Microsoft Lync
    2011-12-12 21:03:35 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
    2011-12-12 21:02:57 -------- d-----w- C:\Users\Carly.Kaufman\Tracing
    2011-12-12 21:02:57 -------- d-----w- C:\Program Files (x86)\OCSetup
    2011-12-07 19:38:30 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
    2011-12-07 19:19:02 58432 ----a-r- C:\Windows\System32\CdpNotify.dll
    2011-12-07 19:19:02 29248 ----a-r- C:\Windows\System32\drivers\Ndiscdp.sys
    2011-12-07 18:07:40 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Cisco
    2011-12-07 18:00:25 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Local\Downloaded Installations
    2011-12-07 17:51:00 -------- d-----w- C:\Program Files (x86)\Yammer
    2011-12-05 00:11:33 -------- d-----w- C:\ProgramData\VS
    2011-12-04 23:39:45 -------- d-----w- C:\Windows\System32\SPReview
    2011-12-04 23:38:34 -------- d-----w- C:\Windows\System32\EventProviders
    2011-12-04 23:35:16 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-12-04 23:35:16 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-12-04 23:31:00 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
    2011-12-04 23:31:00 109416 ----a-w- C:\Windows\System32\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
    .
    ==================== Find3M ====================
    .
    2011-12-20 18:45:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-12-20 18:10:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-05 07:45:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-12-05 07:45:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-11-04 19:37:00 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2011-11-04 19:37:00 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2011-11-04 19:36:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-23 04:07:34 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2011-09-23 04:06:04 3171176 ----a-w- C:\Windows\System32\sqlncli10.dll
    2011-09-23 04:01:54 312168 ----a-w- C:\Windows\System32\drivers\RsFx0104.sys
    2011-09-23 04:01:54 311144 ----a-w- C:\Windows\System32\drivers\RsFx0105.sys
    2011-09-23 03:09:36 42344 ----a-w- C:\Windows\System32\DTSPipelinePerf100.dll
    2011-09-23 00:18:58 2570088 ----a-w- C:\Windows\SysWow64\sqlncli10.dll
    2011-09-22 22:42:48 32616 ----a-w- C:\Windows\SysWow64\DTSPipelinePerf100.dll
    2006-02-05 03:46:06 679936 ----a-w- C:\Program Files (x86)\Crm Trace Log Viewer.exe
    .
    ============= FINISH: 13:58:41.89 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Attach.txt part of DDS is missing so post that.

    Then....

    Download aswMBR to your desktop.
    Double-click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. carlyk

    carlyk TS Rookie Topic Starter

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2010 1:02:57 PM
    System Uptime: 12/20/2011 1:07:12 PM (0 hours ago)
    .
    Motherboard: LENOVO | | 406235U
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 2128/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 148 GiB total, 15.347 GiB free.
    D: is FIXED (NTFS) - 1 GiB total, 0.957 GiB free.
    E: is FIXED (NTFS) - 112 GiB total, 51.142 GiB free.
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1E9DBD12&0&03F0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&1E9DBD12&0&03F0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0002
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0002
    Service: vpnva
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\6&B88B683&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\6&B88B683&0&2
    Service: BthPan
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Hands-free Audio
    Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Hands-free Audio
    PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Service: btwaudio
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1E9DBD12&0&04F0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&1E9DBD12&0&04F0
    Service:
    .
    Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
    Description: Bluetooth L2CAP Interface
    Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Manufacturer: Broadcom Corp.
    Name: Bluetooth L2CAP Interface
    PNP Device ID: BTHENUM\{6E0C8F4C-D928-4852-B6B2-F0F0E0D126FA}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Service: btwl2cap
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Bluetooth Remote Control
    Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Remote Control
    PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\7&63DB509&0&000000000000_00000000
    Service: btwrchid
    .
    ==== System Restore Points ===================
    .
    RP272: 12/20/2011 11:00:18 AM - Installed Cisco AnyConnect VPN Client
    RP273: 12/20/2011 11:07:40 AM - Removed Java(TM) 6 Update 22
    RP274: 12/20/2011 11:10:24 AM - Installed Java(TM) 6 Update 30
    RP275: 12/20/2011 11:13:47 AM - Removed harmon.ie for SharePoint
    RP276: 12/20/2011 11:14:36 AM - Removed EasyTether
    RP277: 12/20/2011 11:15:12 AM - Removed Picaboo X
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6
    AnkhSVN 2.1.8420.8
    Apple Application Support
    Apple Software Update
    AVG 9.0
    Balsamiq Mockups For Desktop
    BI Documenter
    BIDS Helper 2008 1.4.3.0
    Check Point SSL Network Extender
    Cisco AnyConnect VPN Client
    Cisco Unified Personal Communicator
    CodeTwo FolderSync Addin
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports for Visual Studio
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Doro 1.35
    Dotfuscator Software Services - Community Edition
    Dropbox
    eReg
    FHTM.RSPro.Reports.Template
    Google Desktop
    Google Talk (remove only)
    Google Talk Plugin
    GoToMeeting 4.8.0.723
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2538241)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971092)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    Java Auto Updater
    Java(TM) 6 Update 30
    JGoodies JDiskReport 1.3.2
    K-Lite Codec Pack 4.0.0 (Full)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2007
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (CRM)
    Microsoft SQL Server 2008 Books Online (English)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    Microsoft Visual Studio Team System 2008 Development Edition - ENU
    Microsoft Visual Studio Team System 2008 Development Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Move Media Player
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVCRT
    No-IP DUC
    Notepad++
    NotesLink
    Pandora
    Picasa 3
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2251487)
    Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972222)
    Skype™ 5.0
    SQL Anywhere Studio 9, Documentation
    SQL Anywhere Studio 9, Software
    SQL Pretty Printer for SQL Server Management Studio
    Sybase InfoMaker 10.5
    ThinkPad Power Manager
    Trillian
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office Project 2007 Help (KB957248)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB957251)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update for Microsoft Visual Studio 2008 Team Explorer - ENU (KB974558)
    Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB974558)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    VBoxHeadlessTray
    VC Runtimes MSI
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    WCF RIA Services V1.0 SP1
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Wisdom-soft Set up ScreenHunter 5.1 Free
    XML Notepad 2007
    Yammer
    Your Uninstaller! 2010
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/20/2011 12:38:48 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    12/20/2011 11:43:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/20/2011 11:41:00 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/20/2011 10:47:23 AM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    12/20/2011 10:47:23 AM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2011 10:36:10 AM, Error: Service Control Manager [7030] - The Cisco AnyConnect VPN Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/20/2011 1:15:45 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    12/20/2011 1:12:34 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    12/20/2011 1:12:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/20/2011 1:11:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/20/2011 1:10:46 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    12/20/2011 1:10:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/20/2011 1:10:15 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    12/20/2011 1:09:14 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.
    12/20/2011 1:09:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/20/2011 1:09:14 PM, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2011 1:08:58 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the dleeCATSCustConnectService service to connect.
    12/20/2011 1:08:58 PM, Error: Service Control Manager [7000] - The dleeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2011 1:08:55 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    12/20/2011 1:08:54 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/20/2011 1:08:51 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain PARIVEDA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    12/20/2011 1:08:04 PM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
    12/20/2011 1:08:04 PM, Error: amdkmdag [43029] - Display is not active
    12/19/2011 3:43:03 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/19/2011 3:35:43 PM, Error: Service Control Manager [7024] - The SQL Server (CRM) service terminated with service-specific error The specified resource name cannot be found in the image file..
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the SQL Server VSS Writer service to connect.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7001] - The Intel(R) Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The system cannot find the path specified.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The system cannot find the path specified.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The system cannot find the path specified.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The UltraMon Utility Driver service failed to start due to the following error: The media is write protected.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The system cannot find the path specified.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The system cannot find the path specified.
    12/19/2011 3:04:40 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\LOCAL SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The ReportServer service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7038] - The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7001] - The SQL Server Agent (MSSQLSERVER) service depends on the SQL Server (MSSQLSERVER) service which failed to start because of the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:37 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQLServerOLAPService service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQLSERVER service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQL$SQLEXPRESS service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7038] - The MSSQL$CRM service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server Analysis Services (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The SQL Server (CRM) service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: A system shutdown is in progress.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:35 PM, Error: Service Control Manager [7000] - The Microsoft Online Services Sign-in Assistant service failed to start due to the following error: The pipe has been ended.
    12/19/2011 3:04:34 PM, Error: Service Control Manager [7038] - The MsDtsServer100 service was unable to log on as NT AUTHORITY\NETWORK SERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/19/2011 3:04:34 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the lxed_device service to connect.
    12/19/2011 3:04:34 PM, Error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not start due to a logon failure.
    12/19/2011 3:04:34 PM, Error: Service Control Manager [7000] - The lxed_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2011 3:04:33 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The pipe has been ended.
    12/19/2011 3:04:27 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    12/15/2011 1:33:11 PM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    12/14/2011 9:41:51 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  4. carlyk

    carlyk TS Rookie Topic Starter

    aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-20 20:41:05
    -----------------------------
    20:41:05.348 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:41:05.348 Number of processors: 2 586 0x170A
    20:41:05.350 ComputerName: CKAUFMANDAL3 UserName:
    20:41:07.377 Initialize success
    20:42:01.460 AVAST engine defs: 11122001
    20:43:23.060 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:43:23.071 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
    20:43:23.077 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
    20:43:23.084 Disk 1 Vendor: Corsair_ 1.0_ Size: 114473MB BusType: 3
    20:43:23.098 Disk 0 MBR read successfully
    20:43:23.105 Disk 0 MBR scan
    20:43:23.121 Disk 0 Windows 7 default MBR code
    20:43:23.130 Service scanning
    20:43:24.941 Modules scanning
    20:43:24.953 Disk 0 trace - called modules:
    20:43:25.013 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    20:43:25.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008d82760]
    20:43:25.034 3 CLASSPNP.SYS[fffff88001b8543f] -> nt!IofCallDriver -> [0xfffffa8007c85040]
    20:43:25.050 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007c86050]
    20:43:26.597 AVAST engine scan C:\Windows
    20:43:31.030 AVAST engine scan C:\Windows\system32
    20:43:50.255 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
    20:46:34.208 AVAST engine scan C:\Windows\system32\drivers
    20:46:53.852 AVAST engine scan C:\Users\Carly.Kaufman
    20:57:03.968 AVAST engine scan C:\ProgramData
    20:58:17.454 Disk 0 MBR has been saved successfully to "C:\Users\Carly.Kaufman\Desktop\logs\MBR.dat"
    20:58:17.457 The log file has been saved successfully to "C:\Users\Carly.Kaufman\Desktop\logs\aswMBR.txt"
     
  5. carlyk

    carlyk TS Rookie Topic Starter

    ComboFix Log

    ComboFix 11-12-20.04 - carly.kaufman 12/20/2011 21:51:21.1.2 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8088.6198 [GMT -7:00]
    Running from: c:\users\Carly.Kaufman\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-21 05:04 . 2011-12-21 05:04 -------- d-----w- c:\users\MultiWindow\AppData\Local\temp
    2011-12-21 05:04 . 2011-12-21 05:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-20 19:42 . 2011-12-20 19:42 -------- d-----w- C:\MGlogs
    2011-12-20 18:57 . 2011-12-20 19:40 -------- d-----w- C:\MGtools
    2011-12-20 18:11 . 2011-12-20 18:11 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-12-20 18:00 . 2011-12-20 18:00 -------- d-----w- c:\program files (x86)\Cisco
    2011-12-19 23:06 . 2011-11-04 19:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2011-12-19 23:06 . 2011-11-04 19:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2011-12-19 23:05 . 2011-12-19 23:05 -------- d-----w- c:\program files\Oracle
    2011-12-19 21:55 . 2011-12-19 23:08 -------- d-----w- c:\users\Carly.Kaufman\VirtualBox VMs
    2011-12-19 21:48 . 2011-12-20 17:40 -------- d-----w- c:\users\Carly.Kaufman\.VirtualBox
    2011-12-16 23:17 . 2011-12-16 23:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-12-16 22:07 . 2011-12-16 22:07 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\SUPERAntiSpyware.com
    2011-12-16 22:07 . 2011-12-16 22:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-12-16 22:06 . 2011-12-16 22:06 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\Malwarebytes
    2011-12-16 22:05 . 2011-12-16 22:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-16 22:05 . 2011-12-20 20:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-16 22:05 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-15 22:25 . 2011-12-15 22:25 -------- d-----w- c:\programdata\Xerox
    2011-12-15 03:26 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 03:15 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 03:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 03:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 03:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 03:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-13 18:19 . 2011-12-13 18:19 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\C2PublicFoldersSyncAddin
    2011-12-13 18:16 . 2011-12-13 18:16 -------- d-----w- c:\program files (x86)\CodeTwo
    2011-12-12 21:11 . 2011-12-12 21:11 -------- d-----w- c:\users\Carly.Kaufman\Lync Recordings
    2011-12-12 21:03 . 2011-12-12 21:03 -------- d-----w- c:\program files\Microsoft Lync
    2011-12-12 21:03 . 2011-12-12 21:03 -------- d-----w- c:\program files (x86)\Microsoft Lync
    2011-12-12 21:02 . 2011-12-21 04:45 -------- d-----w- c:\users\Carly.Kaufman\Tracing
    2011-12-12 21:02 . 2011-12-12 21:02 -------- d-----w- c:\program files (x86)\OCSetup
    2011-12-07 19:38 . 2011-12-07 19:38 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
    2011-12-07 19:19 . 2010-12-17 16:47 29248 ----a-r- c:\windows\system32\drivers\Ndiscdp.sys
    2011-12-07 19:19 . 2010-12-17 16:47 58432 ----a-r- c:\windows\system32\CdpNotify.dll
    2011-12-07 18:07 . 2011-12-07 18:07 -------- d-----w- c:\users\Carly.Kaufman\AppData\Roaming\Cisco
    2011-12-07 18:00 . 2011-12-07 18:00 -------- d-----w- c:\users\Carly.Kaufman\AppData\Local\Downloaded Installations
    2011-12-07 17:51 . 2011-12-07 17:51 -------- d-----w- c:\program files (x86)\Yammer
    2011-12-05 00:11 . 2011-12-05 00:11 -------- d-----w- c:\programdata\VS
    2011-12-04 23:39 . 2011-12-04 23:39 -------- d-----w- c:\windows\system32\SPReview
    2011-12-04 23:38 . 2011-12-04 23:38 -------- d-----w- c:\windows\system32\EventProviders
    2011-12-04 23:35 . 2011-09-23 04:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-12-04 23:35 . 2011-09-23 00:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-12-04 23:31 . 2011-09-23 04:06 109416 ----a-w- c:\windows\system32\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
    2011-12-04 23:31 . 2011-09-23 00:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
    2011-12-04 23:17 . 2011-12-04 23:17 -------- d-----w- c:\program files\Microsoft.NET
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-20 19:40 . 2011-12-20 18:57 400445 ----a-w- C:\MGlogs.zip
    2011-12-20 18:45 . 2010-08-13 15:17 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-20 18:10 . 2010-09-17 00:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-12 21:05 . 2010-07-20 12:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2011-12-06 07:00 . 2010-11-19 16:23 5115104 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-12-05 07:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-12-05 07:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-04 19:37 . 2011-11-04 19:37 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2011-11-04 19:37 . 2011-11-04 19:37 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2011-11-04 19:36 . 2011-11-04 19:36 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2011-09-29 16:29 . 2011-11-11 04:20 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-23 04:07 . 2010-08-16 21:28 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2011-09-23 04:06 . 2011-09-23 04:06 3171176 ----a-w- c:\windows\system32\sqlncli10.dll
    2011-09-23 04:01 . 2011-09-23 04:01 312168 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
    2011-09-23 04:01 . 2011-09-23 04:01 311144 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
    2011-09-23 03:09 . 2011-09-23 03:09 42344 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
    2011-09-23 00:18 . 2011-09-23 00:18 2570088 ----a-w- c:\windows\SysWow64\sqlncli10.dll
    2011-09-22 22:42 . 2011-09-22 22:42 32616 ----a-w- c:\windows\SysWow64\DTSPipelinePerf100.dll
    2006-02-05 03:46 . 2010-10-06 19:34 679936 ----a-w- c:\program files (x86)\Crm Trace Log Viewer.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DBISQL9"="c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2005-04-21 135168]
    "SybaseCentral43"="c:\program files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2005-04-01 102400]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "Cisco Unified Personal Communicator"="c:\program files (x86)\Cisco Systems\Unified Personal Communicator\CUPC.exe" [2010-10-08 4485968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]
    "DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2006-12-30 106496]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "MSCRM"="c:\program files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" [2010-10-08 58216]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2011-11-16 12065056]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\Carly.Kaufman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    Yammer.lnk - c:\program files (x86)\Yammer\Yammer.exe [2011-12-7 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MozyPro Status.lnk - c:\program files\MozyPro\mozyprostat.exe [2011-2-8 4874040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-01-07 33448]
    R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-14 45736]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-01 30192]
    R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
    S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
    S1 mozyproFilter;mozyproFilter;c:\windows\system32\DRIVERS\mozypro.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-03 353672]
    S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-01-07 1052328]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-04-14 1052328]
    S2 mozyprobackup;MozyPro Backup Service;c:\program files\MozyPro\mozyprobackup.exe [2009-05-04 79672]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-09-23 210792]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
    S2 MSSQL$CRM;SQL Server (CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
    S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\DRIVERS\ndiscdp.sys [x]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-23 2084712]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722649934-543905925-1528377701-1142Core.job
    - c:\users\Carly.Kaufman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 03:25]
    .
    2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722649934-543905925-1528377701-1142UA.job
    - c:\users\Carly.Kaufman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 03:25]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
    @="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
    [HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
    2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
    @="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
    [HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
    2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
    @="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
    [HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
    2011-02-08 20:21 4368184 ----a-w- c:\program files\MozyPro\mozyproshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: C&all - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
    IE: Call with &Edit... - c:\program files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: google.com\mail
    TCP: DhcpNameServer = 192.168.1.1
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/Upload.CAB
    DPF: {3E059DAB-6894-435C-B758-2977F014D734} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/TClientProc.CAB
    DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://parivedasolutions1.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=xpe1eyvg1jfezaq0itsw4l55&ControlID=acbad67086914735b69b25b12c58522b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
    DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/TWorkflowMapX.cab
    FF - ProfilePath - c:\users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-20 22:08:11
    ComboFix-quarantined-files.txt 2011-12-21 05:08
    ComboFix2.txt 2011-12-20 18:48
    .
    Pre-Run: 18,413,740,032 bytes free
    Post-Run: 18,352,128,000 bytes free
    .
    - - End Of File - - 8D3D4F43DBA5C9FFE27121CC9629EAF2
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Except for the initial MBAM log I don't see anything malicious.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
  7. carlyk

    carlyk TS Rookie Topic Starter

    Thanks for your help

     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're very welcome
     
Topic Status:
Not open for further replies.
