This error just started happening and I believe it's due to some malware I picked up the other day. I thought I properly removed it. Here are my logs:
Malware
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8404
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
12/20/2011 1:06:14 PM
mbam-log-2011-12-20 (13-06-14).txt
Scan type: Quick scan
Objects scanned: 199185
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\carly.kaufman\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 13:57:27
Windows 6.1.7601 Service Pack 1
Running: yuekg61g.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002268e4a24d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c60768b2c95
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002268e4a24d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c60768b2c95 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Windows\temp\7e06d6e2-37fb-467d-9228-9b8fb85d7f9a.tmp 0 bytes
File C:\Windows\temp\5f42564b-8969-4a38-91ac-590a7e7f9189.tmp 0 bytes
File C:\Windows\temp\b209c5bf-f6d1-41eb-9aa9-5920f9d05324.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by carly.kaufman at 13:57:46 on 2011-12-20
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8088.5394 [GMT -7:00]
.
AV: AVG Anti-Virus Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lxedcoms.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [DBISQL9] "C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
uRun: [SybaseCentral43] "C:\Program Files (x86)\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Cisco Unified Personal Communicator] "C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\CUPC.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly.Kaufman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\CARLY~1.KAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yammer.lnk - C:\Program Files (x86)\Yammer\Yammer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYPR~1.LNK - C:\Program Files (x86)\MozyPro\mozyprostat.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm
IE: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: google.com\mail
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/Upload.CAB
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/ScriptX.cab
DPF: {3E059DAB-6894-435C-B758-2977F014D734} - hxxp://tenrox.parivedasolutions.com/TEnterprise/download/TClientProc.CAB
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://parivedasolutions1.crm.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=xpe1eyvg1jfezaq0itsw4l55&ControlID=acbad67086914735b69b25b12c58522b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} - hxxp://tenrox.parivedasolutions.com/TEnterprise/Download/TWorkflowMapX.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\051627B614675623 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\361627C69716E64627F69646 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{7C129DAC-BF01-448D-A8B5-308C60C37F68}\775656E69637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB1BB9B7-1BEE-407B-8ADD-A6EB1BB3E60D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\0716274616C6 : DhcpNameServer = 192.168.100.150 10.10.19.41
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\2375942554133353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\261687475627D646 : DhcpNameServer = 4.2.2.3 4.2.2.5 4.2.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\47964716E69657D6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\E4F414D4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB3FC9B6-2037-4864-88B7-4932E45817C9}\F46756274627966756D2931314 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst /uninstallabp /deactivateaddin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\GOOGLE\GOOGLE~1\GO36F4~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&t=0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\Firefox\Profiles\cgdwdqir.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Carly.Kaufman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 mozyproFilter;mozyproFilter;C:\Windows\system32\DRIVERS\mozypro.sys --> C:\Windows\system32\DRIVERS\mozypro.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-3-28 308136]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-2 353672]
R2 dlee_device;dlee_device;C:\Windows\system32\dleecoms.exe -service --> C:\Windows\system32\dleecoms.exe -service [?]
R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
R2 mozyprobackup;MozyPro Backup Service;C:\Program Files\MozyPro\mozyprobackup.exe [2009-5-4 79672]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-9-22 210792]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 MSSQL$CRM;SQL Server (CRM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;C:\Windows\system32\DRIVERS\ndiscdp.sys --> C:\Windows\system32\DRIVERS\ndiscdp.sys [?]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-9-22 2084712]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-8-16 592120]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\system32\DRIVERS\vna.sys --> C:\Windows\system32\DRIVERS\vna.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleeserv.exe [2010-10-7 33448]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxedserv.exe [2010-12-24 45736]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-8-12 164200]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-8-31 30192]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-8-12 75112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2011-12-20 19:42:14 -------- d-----w- C:\MGlogs
2011-12-20 19:37:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-20 18:57:20 -------- d-----w- C:\MGtools
2011-12-20 18:27:26 98816 ----a-w- C:\Windows\sed.exe
2011-12-20 18:27:26 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-20 18:27:26 256000 ----a-w- C:\Windows\PEV.exe
2011-12-20 18:27:26 208896 ----a-w- C:\Windows\MBR.exe
2011-12-20 18:19:43 2442533 ----a-w- C:\MGtools.exe
2011-12-20 18:00:30 -------- d-----w- C:\Program Files (x86)\Cisco
2011-12-19 23:06:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-12-19 23:06:01 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-12-19 23:05:57 -------- d-----w- C:\Program Files\Oracle
2011-12-19 21:55:54 -------- d-----w- C:\Users\Carly.Kaufman\VirtualBox VMs
2011-12-19 21:48:08 -------- d-----w- C:\Users\Carly.Kaufman\.VirtualBox
2011-12-16 23:17:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-16 22:07:12 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\SUPERAntiSpyware.com
2011-12-16 22:07:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-16 22:06:20 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Malwarebytes
2011-12-16 22:05:59 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 22:05:55 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-16 22:05:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-15 22:25:26 -------- d-----w- C:\ProgramData\Xerox
2011-12-15 03:26:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 03:15:36 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 03:15:34 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 03:15:34 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 03:15:21 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 03:15:21 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 18:19:42 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\C2PublicFoldersSyncAddin
2011-12-13 18:16:56 -------- d-----w- C:\Program Files (x86)\CodeTwo
2011-12-12 21:11:05 -------- d-----w- C:\Users\Carly.Kaufman\Lync Recordings
2011-12-12 21:03:39 -------- d-----w- C:\Program Files\Microsoft Lync
2011-12-12 21:03:35 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
2011-12-12 21:02:57 -------- d-----w- C:\Users\Carly.Kaufman\Tracing
2011-12-12 21:02:57 -------- d-----w- C:\Program Files (x86)\OCSetup
2011-12-07 19:38:30 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2011-12-07 19:19:02 58432 ----a-r- C:\Windows\System32\CdpNotify.dll
2011-12-07 19:19:02 29248 ----a-r- C:\Windows\System32\drivers\Ndiscdp.sys
2011-12-07 18:07:40 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Roaming\Cisco
2011-12-07 18:00:25 -------- d-----w- C:\Users\Carly.Kaufman\AppData\Local\Downloaded Installations
2011-12-07 17:51:00 -------- d-----w- C:\Program Files (x86)\Yammer
2011-12-05 00:11:33 -------- d-----w- C:\ProgramData\VS
2011-12-04 23:39:45 -------- d-----w- C:\Windows\System32\SPReview
2011-12-04 23:38:34 -------- d-----w- C:\Windows\System32\EventProviders
2011-12-04 23:35:16 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:35:16 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-12-04 23:31:00 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
2011-12-04 23:31:00 109416 ----a-w- C:\Windows\System32\perf-MSSQLSERVER-sqlctr10.3.5500.0.dll
.
==================== Find3M ====================
.
2011-12-20 18:45:45 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-12-20 18:10:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-05 07:45:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-05 07:45:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-04 19:37:00 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-11-04 19:37:00 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-11-04 19:36:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-23 04:07:34 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2011-09-23 04:06:04 3171176 ----a-w- C:\Windows\System32\sqlncli10.dll
2011-09-23 04:01:54 312168 ----a-w- C:\Windows\System32\drivers\RsFx0104.sys
2011-09-23 04:01:54 311144 ----a-w- C:\Windows\System32\drivers\RsFx0105.sys
2011-09-23 03:09:36 42344 ----a-w- C:\Windows\System32\DTSPipelinePerf100.dll
2011-09-23 00:18:58 2570088 ----a-w- C:\Windows\SysWow64\sqlncli10.dll
2011-09-22 22:42:48 32616 ----a-w- C:\Windows\SysWow64\DTSPipelinePerf100.dll
2006-02-05 03:46:06 679936 ----a-w- C:\Program Files (x86)\Crm Trace Log Viewer.exe
.
============= FINISH: 13:58:41.89 ===============