TechSpot

Two iexplore.exe * 32 after removing Trojan

Solved
By doubleTrouble
Jul 25, 2012
  1. I am having issues with two iexplore.exe * 32 processes even when I am not running IE.
    I have Windows 7 and, due to work policy, had to move down to IE8.

    I have also noticed that even if I kill the IE8 processes, when I open an in-house tool it starts IE8 again and slows the tool down. I checked, and it should not be opening IE8, nor is it slow for other people.

    The following programs found trojans, but the problem is still happening:
    Kaspersky
    Spybot
    Malwarebytes
  2. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.25.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    maaldridge :: ALDRIDGE-M-W7 [administrator]
    Protection: Enabled
    7/25/2012 10:37:26 AM
    mbam-log-2012-07-25 (10-37-26).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256811
    Time elapsed: 1 minute(s), 51 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\maaldridge\AppData\Local\Temp\1jfuweif.exe (Trojan.Happili) -> Quarantined and deleted successfully.
    (end)
  3. doubleTrouble

    After removing the trojan and restarting:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.25.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    maaldridge :: ALDRIDGE-M-W7 [administrator]
    Protection: Enabled
    7/25/2012 10:44:46 AM
    mbam-log-2012-07-25 (10-44-46).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 559450
    Time elapsed: 30 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  4. doubleTrouble

    2012/07/25 10:35:45 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting protection
    2012/07/25 10:35:45 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Executing scheduled update: Daily
    2012/07/25 10:35:48 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Protection started successfully
    2012/07/25 10:35:51 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Scheduled update executed successfully: database updated from version v2012.07.03.05 to version v2012.07.25.07
    2012/07/25 10:35:51 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting IP protection
    2012/07/25 10:35:53 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection started successfully
    2012/07/25 10:35:53 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting database refresh
    2012/07/25 10:35:53 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Stopping IP protection
    2012/07/25 10:37:40 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection stopped
    2012/07/25 10:37:42 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Database refreshed successfully
    2012/07/25 10:37:42 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting IP protection
    2012/07/25 10:37:44 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection started successfully
    2012/07/25 10:41:26 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting protection
    2012/07/25 10:41:30 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Protection started successfully
    2012/07/25 10:41:33 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting IP protection
    2012/07/25 10:41:36 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection started successfully
    2012/07/25 10:46:51 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 64991, Process: avp.exe)
    2012/07/25 10:51:49 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 12047, Process: avp.exe)
    2012/07/25 11:13:20 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 49487, Process: avp.exe)
    2012/07/25 11:18:48 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 49588, Process: avp.exe)
    2012/07/25 11:23:53 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 49650, Process: avp.exe)
    2012/07/25 11:30:12 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Stopping IP protection
    2012/07/25 11:31:34 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection stopped
    2012/07/25 12:09:49 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting protection
    2012/07/25 12:09:51 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Protection started successfully
    2012/07/25 12:09:54 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE Starting IP protection
    2012/07/25 12:09:55 -0700 ALDRIDGE-M-W7 maaldridge MESSAGE IP Protection started successfully
    2012/07/25 12:12:26 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 52281, Process: avp.exe)
    2012/07/25 12:17:30 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 53004, Process: avp.exe)
    2012/07/25 12:31:38 -0700 ALDRIDGE-M-W7 maaldridge IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 40297, Process: avp.exe)
  5. doubleTrouble

    Step 3: GMER

    I do not have the password to disable the antivirus software, so I ran it in safe mode.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-25 12:05:51
    Windows 6.1.7601 Service Pack 1
    Running: t6de78yz.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659daeb835
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eee1eb9
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659daeb835 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eee1eb9 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
  6. doubleTrouble

    Step 4: DDS
    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by maaldridge at 13:02:21 on 2012-07-25
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3977.813 [GMT -7:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    C:\Windows\system32\mqsvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\CCM\CcmExec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\MozyEnterprise\mozyentstat.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files (x86)\Microsoft Lync\communicator.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\MozyEnterprise\mozyentbackup.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\MozyEnterprise\mozyentbackup.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = https://inside.allscripts.com
    uDefault_Page_URL = https://inside.allscripts.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [Google Update] "C:\Users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [VS Revo Group] Rundll32.exe "C:\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll",DllGetClassObject
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\MAALDR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYEN~1.LNK - C:\Program Files (x86)\MozyEnterprise\mozyentstat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    Trusted Zone: a4healthsystems.com
    Trusted Zone: adp.com
    Trusted Zone: allscripts.com
    Trusted Zone: allscripts.com\clarity.corp
    Trusted Zone: allscripts.com\servicedesk.corp
    Trusted Zone: books24x7.com
    Trusted Zone: brainshark.com
    Trusted Zone: clarity
    Trusted Zone: codecorrect.com
    Trusted Zone: delvenetworks.com\assets
    Trusted Zone: diagnostix.com
    Trusted Zone: eternal
    Trusted Zone: force.com
    Trusted Zone: force.com\*.na0.visual
    Trusted Zone: fpx.com\od1
    Trusted Zone: global.ad\servicedesk.misys
    Trusted Zone: gotrain.net
    Trusted Zone: intersourcing.com\www
    Trusted Zone: intra
    Trusted Zone: llnwd.net\*.fcod
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: misys.com\clarity
    Trusted Zone: misys.com\servicedesk
    Trusted Zone: misysgold
    Trusted Zone: misyshealthcare.com
    Trusted Zone: misyshealthcare.com\kb
    Trusted Zone: misysimentor.com
    Trusted Zone: mlv-ris-app-e
    Trusted Zone: mlv-ris-app-f
    Trusted Zone: mlv-ris-app-o
    Trusted Zone: on24.com
    Trusted Zone: onemisys.com\clarity
    Trusted Zone: onemisys.com\eternal
    Trusted Zone: onemisys.com\intra
    Trusted Zone: onemisys.com\misysgold
    Trusted Zone: payerpath.com
    Trusted Zone: salesforce.com
    Trusted Zone: servicedesk
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: skillport.com\library
    Trusted Zone: skillsoft.com
    Trusted Zone: skillsoftcompliance.com
    Trusted Zone: skillwsa.com
    Trusted Zone: symantecliveupdate.com
    Trusted Zone: velaro.com
    Trusted Zone: windowsupdate.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl3.eclipsnet.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    TCP: Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA} : DhcpNameServer = 10.131.1.15 10.131.1.59 10.101.224.52 10.101.224.181
    TCP: Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}\2303035364 : DhcpNameServer = 192.168.1.254 75.153.176.9
    TCP: Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}\23030353C4 : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}\5436C69607429542 : DhcpNameServer = 10.131.1.15 10.131.1.59 10.101.224.52 10.101.224.181
    TCP: Interfaces\{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}\F4E402E4F47502245616E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{829CCC39-CBEB-4C8C-97CA-011ADB61935A} : DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    TCP: Interfaces\{9D82732A-BEEA-4171-A7E8-6EB94ACFFE15} : DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    TCP: Interfaces\{EFB12861-64CB-4296-9F76-0B8D6D8B641C} : DhcpNameServer = 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO-X64: Lync add-on BHO - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R1 mozyentFilter;mozyentFilter;C:\Windows\system32\DRIVERS\mozyent.sys --> C:\Windows\system32\DRIVERS\mozyent.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-19 89600]
    R2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-3-12 311680]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
    R2 GatewayAgent30;Allscripts Gateway Agent - 3.0;C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2011-3-22 32768]
    R2 GatewayAgent60;Allscripts Gateway Agent - 6.0;C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2012-7-12 40960]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-19 13336]
    R2 klnagent;Kaspersky Lab Network Agent;C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-10-20 141688]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-25 655944]
    R2 mozyentbackup;MozyEnterprise Backup Service;C:\Program Files\MozyEnterprise\mozyentbackup.exe [2010-11-8 51536]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-19 2009704]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-7-24 1188896]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-7-24 1395736]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-2 378472]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
    R3 dcdbas;System Management Driver;C:\Windows\system32\DRIVERS\dcdbas64.sys --> C:\Windows\system32\DRIVERS\dcdbas64.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys --> C:\Windows\system32\DRIVERS\klfltdev.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 GatewayAgent31;Allscripts Gateway Agent - 3.1;"C:\Program Files (x86)\Allscripts Sunrise\Helios\3.1\Gateway\Eclipsys.Infrastructure.WindowsServices.exe" --> C:\Program Files (x86)\Allscripts Sunrise\Helios\3.1\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [?]
    S2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-7-24 166528]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-25 17:35:41 -------- d-----w- C:\Users\maaldridge\AppData\Roaming\Malwarebytes
    2012-07-25 17:35:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-25 17:35:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-25 17:35:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 14:22:42 479744 ----a-w- C:\Windows\SysWow64\RTFConv.dll
    2012-07-25 05:05:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-07-25 05:05:23 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-07-25 05:05:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-07-24 21:32:32 -------- d-----w- C:\Users\maaldridge\AppData\Local\visi_coupon
    2012-07-24 21:30:28 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-07-24 20:54:06 -------- d-----w- C:\Users\maaldridge\AppData\Local\Microsoft_Corporation
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-22 22:41:36 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-22 22:40:38 -------- d-----w- C:\Users\maaldridge\AppData\Local\Apple
    2012-07-20 18:34:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-20 18:30:27 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-07-20 18:30:27 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30:27 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30:27 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-07-20 18:30:27 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-07-20 18:30:27 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-07-20 18:30:26 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
    2012-07-20 18:30:26 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
    2012-07-20 18:30:26 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-07-20 18:30:26 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-07-20 18:30:26 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-07-20 18:30:26 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-20 18:30:26 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
    2012-07-13 04:33:52 114176 ----a-w- C:\Windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    2012-07-12 22:16:32 -------- d--h--w- C:\Windows\AxInstSV
    2012-07-03 16:27:51 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-07-03 16:27:48 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-07-03 16:27:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-07-03 16:27:32 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-07-03 16:27:32 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-07-03 16:27:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-07-03 16:27:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-07-03 16:27:32 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-07-03 16:27:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ==================== Find3M ====================
    .
    2012-07-23 16:55:30 328704 ----a-w- C:\Windows\System32\services.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-05 19:51:04 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    .
    ============= FINISH: 13:02:49.30 ===============
  7. doubleTrouble


    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/11/2011 11:30:29 AM
    System Uptime: 7/25/2012 12:07:08 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 032T9K
    Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz | CPU 1 | 2601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 19.276 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_1217&DEV_8231&SUBSYS_04931028&REV_03\4&26B31A7F&0&01E5
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_1217&DEV_8231&SUBSYS_04931028&REV_03\4&26B31A7F&0&01E5
    Service:
    .
    ==== System Restore Points ===================
    .
    RP131: 7/24/2012 9:23:58 PM - Removed Sunrise Clinical Manager 6.0 Client (3521.0).
    RP132: 7/24/2012 9:24:46 PM - Removed Sunrise Clinical Manager 6.0 Client (3522.0).
    RP133: 7/24/2012 9:50:25 PM - Removed Sunrise Clinical Manager 6.0 Client (3530.0).
    RP134: 7/24/2012 9:59:03 PM - Removed Sunrise Clinical Manager 6.0 Client (3531.0).
    RP135: 7/25/2012 9:49:16 AM - Installed Sunrise Clinical Manager 6.0 Client (3533.0).
    RP136: 7/25/2012 12:28:50 PM - Removed Adobe Reader 9.4.6.
    .
    ==== Installed Programs ======================
    .
    .
    AccelerometerP11
    Allscripts Gateway 3.0 (777.0)
    Allscripts Gateway 6.0
    Allscripts TFS DatabaseStandards Policy
    Bing Bar
    BrettspielWelt
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cisco WebEx Meeting Center for Internet Explorer
    Cisco WebEx Meetings
    Configuration Manager Client
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports for Visual Studio
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Client Configuration Toolkit
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Mobile Broadband Manager
    Dell Security Device Driver Pack
    Digital Line Detect
    Dotfuscator Software Services - Community Edition
    Eclipsys TFS ChangeSet Comments Policy
    Eclipsys TFS DatabaseStandards Policy
    Google Chrome
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2465361)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2538241)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    IDT Audio
    Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1079
    Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 2.0
    Infragistics NetAdvantage jQuery 2011.2
    Infragistics NetAdvantage jQuery 2011.2 Samples
    Infragistics NetAdvantage Reporting 2011.2
    Infragistics NetAdvantage Reporting 2011.2 Samples
    Infragistics NetAdvantage Silverlight 2011.2
    Infragistics NetAdvantage Version Utility 2011.2
    Infragistics NetAdvantage Windows Forms 2009.2
    Infragistics NetAdvantage Windows Forms 2010.3
    Infragistics NetAdvantage Windows Forms 2011.2
    Infragistics NetAdvantage WPF 2009.2
    Infragistics NetAdvantage WPF 2010.3
    Infragistics NetAdvantage WPF 2011.2
    Infragistics NetAdvantage WPF 2011.2 Samples
    InstallVC90Support
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Java Auto Updater
    Java(TM) 6 Update 29
    join.me
    Juniper Networks Network Connect 6.2.0
    Juniper Networks Setup Client
    Junk Mail filter update
    Kaspersky Anti-Virus 6.0 for Windows Workstations
    Kaspersky Lab Network Agent
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2008
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft ReportViewer 2010 SP1 Redistributable
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Books Online (English)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Team Foundation Server 2010 Power Tools
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
    Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
    Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU Service Pack 1 (KB926601)
    Microsoft Visual Studio 2005 Team Explorer - ENU
    Microsoft Visual Studio 2005 Team Explorer - ENU Service Pack 1 (KB926601)
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU
    Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft Visual Studio Team System 2008 Development Edition - ENU
    Microsoft Visual Studio Team System 2008 Development Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Test Professional 2010 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netwaiting
    NVIDIA Stereoscopic 3D Driver
    RICOH Media Driver ver.2.11.01.02
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB2251481)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB2538218)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB2548826)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB937061)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB971023)
    Security Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB973673)
    Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB2251487)
    Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973675)
    SpecFlow 1.8.1
    Spybot - Search & Destroy
    Sunrise Clinical Manager 6.0 Client (3525.0)
    Sunrise Clinical Manager 6.0 Client (3532.0)
    Sunrise Clinical Manager 6.0 Client (3533.0)
    Sunrise Clinical Manager 6.0 Services
    Sunrise Prescription Writer 6.0 Client (3410)
    Sunrise Prescription Writer 6.0 Client (3417)
    Sunrise Prescription Writer 6.0 Client (3420)
    Sunrise Prescription Writer 6.0 Client (3436)
    Sunrise Prescription Writer 6.0 Client (3438)
    Sunrise Prescription Writer 6.0 Client (3444)
    Sunrise Prescription Writer 6.0 Client (3445)
    Sunrise Prescription Writer 6.0 Client (3452)
    Sunrise Prescription Writer 6.0 Client (3453)
    Sunrise Prescription Writer 6.0 Client (3454)
    Sunrise Prescription Writer 6.0 Client (3456)
    Sunrise Prescription Writer 6.0 Client (3525)
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Visual SourceSafe 2005 - ENU (KB943847)
    Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)
    Update for Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU (KB932232)
    Update for Microsoft Visual Studio 2005 Team Explorer - ENU (KB932232)
    Update for Microsoft Visual Studio 2008 Team Explorer - ENU (KB974558)
    Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB974558)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    VC Runtimes MSI
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - v9.0.30729.5570
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    WCF RIA Services V1.0 SP1
    WebEx Productivity Tools
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinMerge 2.12.4
    WinZip 11.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/25/2012 8:59:39 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:59:42.0000 7/25/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/25/2012 8:59:17 AM, Error: Service Control Manager [7031] - The Kaspersky Lab Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    7/25/2012 6:56:22 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/25/2012 12:39:09 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:39:11.0000 7/25/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/25/2012 12:09:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/25/2012 12:09:32 PM, Error: Service Control Manager [7000] - The Allscripts Gateway Agent - 3.1 service failed to start due to the following error: The system cannot find the file specified.
    7/25/2012 12:08:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/25/2012 12:07:24 PM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
    7/25/2012 12:07:23 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/25/2012 12:07:23 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    7/25/2012 12:07:23 PM, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    7/25/2012 11:50:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/25/2012 11:50:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/25/2012 11:50:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/25/2012 11:50:34 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    7/25/2012 11:50:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
    7/25/2012 11:50:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/25/2012 11:50:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:50:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache kl1 KLIF mozyentFilter spldr Wanarpv6
    7/25/2012 11:50:14 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CORPORATE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    7/25/2012 11:50:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    7/25/2012 11:48:19 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/25/2012 11:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache kl1 KLIF KLIM6 mozyentFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 11:46:58 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/25/2012 10:42:46 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:42:54.0000 7/25/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/25/2012 10:41:18 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    7/25/2012 10:34:33 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:34:39.0000 7/25/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 9:47:41 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:47:42.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 3:39:20 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:39:22.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 3:30:07 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
    7/24/2012 3:27:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    7/24/2012 3:05:28 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:5:29.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 2:58:36 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:58:37.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 2:45:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/24/2012 2:31:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user CORPORATE\maaldridge SID (S-1-5-21-73361282-1014109674-949316387-64872) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/24/2012 2:10:25 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
    7/24/2012 2:10:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    7/24/2012 2:10:25 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706D3: The authentication service is unknown.
    7/24/2012 2:10:25 PM, Error: Microsoft-Windows-Time-Service [4] - The time provider 'NtpClient' failed to start due to the following error: A system shutdown is in progress. (0x8007045B)
    7/24/2012 2:10:25 PM, Error: BROWSER [8017] - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status Meaning 1 Service Stopped 2 Start Pending 3 Stop Pending 4 Running 5 Continue Pending 6 Pause Pending 7 Paused
    7/24/2012 2:10:24 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    7/24/2012 12:50:49 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:50:49.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 11:49:46 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:49:46.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 11:01:14 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    7/24/2012 10:48:44 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:48:44.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/24/2012 1:51:56 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:52:51.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 9:59:36 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:59:40.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 9:56:48 AM, Error: Service Control Manager [7023] - The UPnP Device Host service terminated with the following error: Access is denied.
    7/23/2012 9:55:15 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    7/23/2012 9:55:15 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    7/23/2012 9:50:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 48. The internal error state is 552.
    7/23/2012 9:50:44 AM, Error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
    7/23/2012 4:08:38 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:8:38.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 3:07:36 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:7:36.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 2:06:34 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:6:34.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 12:04:31 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:4:31.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 11:04:29 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:4:29.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 10:38:45 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 5:38:46.0000 7/24/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/23/2012 1:05:32 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:5:32.0000 7/23/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/22/2012 4:19:33 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 552.
    7/22/2012 4:19:33 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is sipinternal.allscripts.com. The SSL connection request has failed. The attached data contains the server certificate.
    7/20/2012 9:40:11 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:40:11.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 9:34:25 AM, Error: Microsoft-Windows-GroupPolicy [1110] - The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
    7/20/2012 4:19:43 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:19:59.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 3:40:01 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:40:17.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 2:38:15 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:38:15.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 11:42:41 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:43:7.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 11:09:39 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CARAUSU-A-W7 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{06C4AC5A-53E8-43CC-9777-16FF9D813CAA}. The master browser is stopping or an election is being forced.
    7/20/2012 10:41:42 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:41:41.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/20/2012 1:50:53 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:50:53.0000 7/20/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 9:44:19 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:44:18.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 9:44:10 AM, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    7/18/2012 4:09:52 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:9:50.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 3:08:31 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:8:26.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 12:46:22 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:46:23.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 12:35:31 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 7:35:31.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 11:45:19 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:46:1.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 10:45:02 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:45:3.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    7/18/2012 1:47:04 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:47:13.0000 7/18/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: CORP.ALLSCRIPTS.COM Server Name: HTTP/mail.allscripts.com Target Name: HTTP/mail.allscripts.com@CORP.ALLSCRIPTS.COM Error Text: File: 9 Line: f09 Error Data is in record data.
    .
    ==== End Of File ===========================
  8. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    If the tools find a problem, do I let the tool delete it? Or just save and post the log? I did the latter (save and post the log) for now.

    OK, I think the tools found the problem. It found the same strange dll in VS Revo group that shows up on VSTS debugger in an infinite loop when my in-house tool misbehaves. =)

    RogueKiller

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: maaldridge [Admin rights]
    Mode: Scan -- Date: 07/25/2012 14:16:12
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : VS Revo Group (Rundll32.exe "C:\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll",DllGetClassObject) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-73361282-1014109674-949316387-64872[...]\Run : VS Revo Group (Rundll32.exe "C:\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll",DllGetClassObject) -> FOUND
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6}\n.) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\maaldridge\appdata\local\{3135917d-3e18-e023-cb24-6460c7602ab6}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\maaldridge\appdata\local\{3135917d-3e18-e023-cb24-6460c7602ab6}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\maaldridge\appdata\local\{3135917d-3e18-e023-cb24-6460c7602ab6}\L --> FOUND
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG SSD PM810 2.5" 7 +++++
    --- User ---
    [MBR] 2caf7bcaae2b4b9a3f5fa1755922b811
    [BSP] 4fdbde7ae31e3d616b3d07f30ae6a9c6 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 121793 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 249434112 | Size: 300 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    =======================
    aswMBR

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-25 14:19:01
    -----------------------------
    14:19:01.707 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:19:01.707 Number of processors: 4 586 0x2A07
    14:19:01.707 ComputerName: ALDRIDGE-M-W7 UserName: maaldridge
    14:19:02.051 Initialize success
    14:19:56.839 AVAST engine defs: 12072501
    14:21:03.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:21:03.708 Disk 0 Vendor: SAMSUNG_ AXM0 Size: 122104MB BusType: 8
    14:21:03.708 Disk 0 MBR read successfully
    14:21:03.723 Disk 0 MBR scan
    14:21:03.739 Disk 0 Windows 7 default MBR code
    14:21:03.739 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 121793 MB offset 2048
    14:21:03.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 249434112
    14:21:03.786 Disk 0 scanning C:\Windows\system32\drivers
    14:21:09.263 Service scanning
    14:21:23.229 Modules scanning
    14:21:23.229 Disk 0 trace - called modules:
    14:21:23.229 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
    14:21:23.229 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d99060]
    14:21:23.229 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> [0xfffffa8005c9b9a0]
    14:21:23.244 5 stdcfltn.sys[fffff88001da4c52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bac050]
    14:21:23.635 AVAST engine scan C:\Windows
    14:21:24.462 AVAST engine scan C:\Windows\system32
    14:24:48.496 AVAST engine scan C:\Windows\system32\drivers
    14:24:56.079 AVAST engine scan C:\Users\maaldridge
    14:25:33.507 File: C:\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll **INFECTED** Win32:Downloader-PQL [Trj]
    14:25:47.174 File: C:\Users\maaldridge\Desktop\RK_Quarantine\yzxxvcqk.dll.vir **INFECTED** Win32:Downloader-PQL [Trj]
    14:26:03.789 AVAST engine scan C:\ProgramData
    14:27:24.699 Scan finished successfully
    14:29:30.573 Disk 0 MBR has been saved successfully to "C:\Users\maaldridge\Desktop\MBR.dat"
    14:29:30.573 The log file has been saved successfully to "C:\Users\maaldridge\Desktop\aswMBR.txt"
  10. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    OK, I haven't "fixed" or "deleted" anything, but I see a change in behaviour.
    Certain websites are crashing in IE, and it closes the tab.

    I get the following error message:
    -----------------------------------------------
    Internet Explorer has stopped working.

    A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
  11. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Never go beyond my instructions.
    You did just fine.

    We have ZeroAccess rootkit infection there.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
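    What the FRST "Search: services.exe" step does is enumerate every copy of that binary on the offline volume and report each one's hash, so that a patched copy in System32 can be told apart from the untouched copies in the component store. The following is an added example, not FRST's code and not part of this thread, that performs the same comparison in Python against a constructed sample volume laid out in a temporary directory (clean copies under winsxs, one same-size patched copy under System32); the SHA-256 choice, the path layout and the `build_sample_volume` helper are assumptions for the demo, and on a real machine you would point `find_copies` at the mounted offline volume and pass a known-good hash as `reference_hash`.

```python
"""Offline search for copies of a critical system binary (e.g. services.exe).

Added example: locate every copy of a given file name on a volume, hash each
copy, and flag the ones that disagree with a reference hash. When no reference
is supplied, the most common hash among the copies is used, which is the same
heuristic a responder applies by hand to a FRST Search.txt: the component-store
backups normally agree with each other, so a lone System32 copy that differs
is the suspect.
"""
import hashlib
import os
import shutil
import tempfile
from collections import Counter


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, filename):
    """Walk the volume under `root` and return sorted [(path, size, sha256)]
    for every file whose name matches `filename` (case-insensitive, as on NTFS)."""
    target = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == target:
                p = os.path.join(dirpath, name)
                hits.append((p, os.path.getsize(p), sha256_of(p)))
    return sorted(hits)


def flag_outliers(copies, reference_hash=None):
    """Return the copies whose hash differs from `reference_hash`.
    Without a reference, fall back to the majority hash among the copies."""
    if not copies:
        return []
    if reference_hash is None:
        reference_hash = Counter(h for _, _, h in copies).most_common(1)[0][0]
    return [c for c in copies if c[2] != reference_hash]


def build_sample_volume(root):
    """Constructed sample volume (assumption for the demo, not real file content):
    two identical 'clean' copies in the component store and one patched copy in
    System32 that has the SAME size, so size alone would not reveal it."""
    clean = b"MZ" + b"\x00" * 62 + b"CLEAN-SERVICES-IMAGE" * 100
    patched = clean[:200] + b"PATCHED" + clean[207:]
    assert len(patched) == len(clean)
    layout = {
        "Windows/System32/services.exe": patched,
        "Windows/winsxs/amd64_services_backup_a/services.exe": clean,
        "Windows/winsxs/amd64_services_backup_b/services.exe": clean,
        "Windows/System32/svchost.exe": b"MZ unrelated file, must not be matched",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


def demo():
    """Build the sample volume, run the search, and return (copies, outliers)."""
    root = tempfile.mkdtemp(prefix="offline_vol_")
    try:
        build_sample_volume(root)
        copies = find_copies(root, "services.exe")
        outliers = flag_outliers(copies)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return copies, outliers


if __name__ == "__main__":
    found, bad = demo()
    for path, size, digest in found:
        marker = "  <== differs from the other copies" if (path, size, digest) in bad else ""
        print(f"{size:>8}  {digest[:16]}...  {path}{marker}")
```

    The majority-hash fallback is only a triage aid: with a single copy, or with several copies all replaced, it says nothing, which is why a trusted reference hash (from clean media or a known-good machine of the same build and patch level) should be supplied whenever one is available.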
  12. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Do I do both the following? Or just one?
    1. To enter System Recovery Options from the Advanced Boot Options:
    2. To enter System Recovery Options by using Windows installation disc:
  13. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    These are two ways to get there.
    First one should work just fine.
  14. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    OK, so I cannot run System Recovery tool until tomorrow when the IT guy comes back with the administrator password. The help desk won't give it to me over the phone.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • My machine prompted me for an administrator password to use the command prompt => So I am stuck until tomorrow morning. :'(
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    I did some reading on the ZeroAccess toolkit. Seems like the Farbar approach is method 3 below. Do you recommend any of method 2? I suppose method 1 didn't work for me.
    Does it matter that I downloaded the tool from my infected computer onto the USB stick?
    Is the tool on the USB stick bad? :eek:
    http://www.2-viruses.com/remove-zeroaccess-rootkit
  15. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Just follow my instructions and you'll be fine.

    Let me know tomorrow.
  16. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    frst.txt

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 26-07-2012 10:10:38
    Running from F:\
    Windows 7 Enterprise (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-07] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-01-14] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-01-14] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-01-14] (Intel Corporation)
    HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-02-02] (NVIDIA Corporation)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1875048 2010-12-30] ()
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
    HKLM\...\Run: [MsmqIntCert] regsvr32 /s mqrt.dll [x]
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [311680 2010-03-12] (Kaspersky Lab)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [11937552 2010-10-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3921432 2012-07-04] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Administrator\...\Run: [WirelessManager] "C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [20480 2011-02-11] (Ericsson AB)
    HKU\maaldridge\...\Run: [Google Update] "C:\Users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-12] (Google Inc.)
    HKU\maaldridge\...\Run: [VS Revo Group] Rundll32.exe "C:\Users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll",DllGetClassObject [1054720 2012-02-05] (VSoft Technologies Pty Ltd)
    HKU\maaldridge\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3527176 2012-07-04] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.141.1.33 10.141.1.34 10.131.1.77 10.101.224.100
    Lsa: [Authentication Packages] msv1_0
    wvauth
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\MozyEnterprise Status.lnk
    ShortcutTarget: MozyEnterprise Status.lnk -> C:\Program Files\MozyEnterprise\mozyentstat.exe (EMC Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    Startup: C:\Users\maaldridge\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    ==================== Services (Whitelisted) ======
    2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" -r [311680 2010-03-12] (Kaspersky Lab)
    2 GatewayAgent30; "C:\Program Files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe" [32768 2011-03-22] (Allscripts Healthcare Solutions, Inc.)
    2 GatewayAgent60; "C:\Program Files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe" [40960 2012-07-12] (Allscripts Healthcare Solutions, Inc.)
    2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
    2 klnagent; "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe" [141688 2010-10-20] (Kaspersky Lab ZAO)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 mozyentbackup; "C:\Program Files\MozyEnterprise\mozyentbackup.exe" [51536 2010-11-08] (EMC Corporation)
    2 MSMQ; C:\Windows\System32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1188896 2012-07-04] (Safer-Networking Ltd.)
    2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1395736 2012-07-04] (Safer-Networking Ltd.)
    2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)
    2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
    2 GatewayAgent31; "C:\Program Files (x86)\Allscripts Sunrise\Helios\3.1\Gateway\Eclipsys.Infrastructure.WindowsServices.exe" [x]
    ========================== Drivers (Whitelisted) =============
    3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2010-11-25] (Dell Inc.)
    3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2008-06-05] (Juniper Networks)
    3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [293552 2009-11-06] (Intel Corporation)
    1 kl1; C:\Windows\System32\Drivers\kl1.sys [157712 2009-11-11] (Kaspersky Lab)
    3 KLFLTDEV; C:\Windows\System32\Drivers\KLFLTDEV.sys [30736 2009-09-03] (Kaspersky Lab)
    1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [268376 2011-04-11] (Kaspersky Lab)
    1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2011-04-11] (Kaspersky Lab ZAO)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    1 mozyentFilter; C:\Windows\System32\DRIVERS\mozyent.sys [66552 2011-08-16] (Mozy, Inc.)
    3 MQAC; C:\Windows\System32\Drivers\MQAC.sys [189440 2009-07-13] (Microsoft Corporation)
    3 prepdrvr; \??\C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
    3 VSPerfDrv90; \??\C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [71024 2007-09-04] (Microsoft Corporation)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-07-26 10:07 - 2012-07-26 10:07 - 00000000 ____D C:\FRST
    2012-07-25 13:29 - 2012-07-25 13:29 - 00002189 ____A C:\Users\maaldridge\Desktop\aswMBR.txt
    2012-07-25 13:29 - 2012-07-25 13:29 - 00000512 ____A C:\Users\maaldridge\Desktop\MBR.dat
    2012-07-25 13:18 - 2012-07-25 13:18 - 04731392 ____A (AVAST Software) C:\Users\maaldridge\Desktop\aswMBR.exe
    2012-07-25 13:16 - 2012-07-25 13:16 - 00002377 ____A C:\Users\maaldridge\Desktop\RKreport[1].txt
    2012-07-25 13:15 - 2012-07-25 13:16 - 00000000 ____D C:\Users\maaldridge\Desktop\RK_Quarantine
    2012-07-25 13:15 - 2012-07-25 13:15 - 01552384 ____A C:\Users\maaldridge\Desktop\RogueKiller.exe
    2012-07-25 11:09 - 2012-07-25 11:09 - 00607260 ____R (Swearware) C:\Users\maaldridge\Desktop\dds.scr
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____A C:\Users\maaldridge\Desktop\t6de78yz.reg
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____A C:\Users\maaldridge\Desktop\t6de78yz.bat
    2012-07-25 10:48 - 2012-07-25 11:05 - 00000619 ____A C:\Users\maaldridge\Desktop\gmer.log
    2012-07-25 10:27 - 2012-07-25 10:27 - 00302592 ____A C:\Users\maaldridge\Desktop\t6de78yz.exe
    2012-07-25 09:35 - 2012-07-25 09:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 09:35 - 2012-07-25 09:35 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 09:35 - 2012-07-25 09:35 - 00000000 ____D C:\Users\maaldridge\AppData\Roaming\Malwarebytes
    2012-07-25 09:35 - 2012-07-25 09:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-25 09:35 - 2012-07-25 09:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 09:35 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-25 09:19 - 2012-07-25 09:19 - 00007597 ____A C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    2012-07-25 08:56 - 2012-07-26 08:45 - 00001164 ____A C:\Windows\setupact.log
    2012-07-25 06:22 - 2012-07-25 06:22 - 00479744 ____A (Allscripts Healthcare Solutions, Inc.) C:\Windows\SysWOW64\RTFConv.dll
    2012-07-24 22:20 - 2012-07-24 22:20 - 00000000 ____D C:\Users\maaldridge\Documents\ProcAlyzer Dumps
    2012-07-24 21:25 - 2012-07-24 21:25 - 00000121 ____A C:\Windows\wininit.ini
    2012-07-24 21:05 - 2012-07-24 22:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-07-24 21:05 - 2012-07-24 22:25 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-24 21:05 - 2012-07-24 21:05 - 00002179 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2012-07-24 21:05 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
    2012-07-24 19:34 - 2012-07-24 19:36 - 40095152 ___AH C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    2012-07-24 13:32 - 2012-07-24 13:32 - 00000000 ____D C:\Users\maaldridge\AppData\Local\visi_coupon
    2012-07-24 13:30 - 2012-07-24 13:34 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-07-24 13:30 - 2012-07-24 13:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-07-24 12:54 - 2012-07-24 12:54 - 00000000 ____D C:\Users\maaldridge\AppData\Local\Microsoft_Corporation
    2012-07-23 08:59 - 2012-07-23 08:59 - 00000000 ____D C:\Users\maaldridge\AppData\Roaming\Apple Computer
    2012-07-22 14:41 - 2012-07-24 13:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-07-22 14:40 - 2012-07-22 14:40 - 00000000 ____D C:\Users\maaldridge\AppData\Local\Apple
    2012-07-22 14:40 - 2012-07-22 14:40 - 00000000 ____D C:\Users\All Users\Apple
    2012-07-20 10:34 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-20 10:33 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-20 10:33 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-20 10:33 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-20 10:33 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-20 10:33 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-20 10:33 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-20 10:33 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-20 10:33 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-20 10:33 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-20 10:33 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-20 10:33 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-20 10:33 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-20 10:33 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-20 10:33 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-20 10:33 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-20 10:33 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-20 10:33 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-20 10:30 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-20 10:30 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-12 20:33 - 2012-07-12 20:33 - 00114176 ____A (Allscripts Healthcare Solutions, Inc.) C:\Windows\SysWOW64\Eclipsys.Platform.LdapReader.dll
    2012-07-12 14:16 - 2012-07-12 14:18 - 00000000 ___HD C:\Windows\AxInstSV
    2012-07-11 10:53 - 2012-07-11 10:53 - 00000000 ____A C:\Windows\BulkUnld.INI
    2012-07-03 08:27 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-03 08:27 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-03 08:27 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-03 08:27 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-03 08:27 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-03 08:27 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-03 08:27 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-03 08:27 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-03 08:27 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-03 08:27 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-03 08:27 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-28 12:26 - 2012-06-28 12:26 - 03065187 ____A C:\Users\maaldridge\Documents\TheStepsOfAgile.AgileBill.1103a.pptx
    ============ 3 Months Modified Files ========================
    2012-07-26 09:04 - 2011-04-11 10:29 - 01060961 ____A C:\Windows\WindowsUpdate.log
    2012-07-26 08:54 - 2009-07-13 21:13 - 00871340 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-26 08:52 - 2009-07-13 20:45 - 00012608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-26 08:52 - 2009-07-13 20:45 - 00012608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-26 08:46 - 2011-04-12 08:17 - 00000462 ____A C:\Windows\SMSCFG.ini
    2012-07-26 08:45 - 2012-07-25 08:56 - 00001164 ____A C:\Windows\setupact.log
    2012-07-26 08:45 - 2011-10-18 13:10 - 00001960 ____A C:\Windows\System32\config\netlogon.ftl
    2012-07-26 08:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-25 14:43 - 2011-12-12 10:08 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872UA.job
    2012-07-25 13:29 - 2012-07-25 13:29 - 00002189 ____A C:\Users\maaldridge\Desktop\aswMBR.txt
    2012-07-25 13:29 - 2012-07-25 13:29 - 00000512 ____A C:\Users\maaldridge\Desktop\MBR.dat
    2012-07-25 13:18 - 2012-07-25 13:18 - 04731392 ____A (AVAST Software) C:\Users\maaldridge\Desktop\aswMBR.exe
    2012-07-25 13:16 - 2012-07-25 13:16 - 00002377 ____A C:\Users\maaldridge\Desktop\RKreport[1].txt
    2012-07-25 13:15 - 2012-07-25 13:15 - 01552384 ____A C:\Users\maaldridge\Desktop\RogueKiller.exe
    2012-07-25 12:22 - 2010-11-20 14:04 - 00165874 ____A C:\Windows\PFRO.log
    2012-07-25 11:09 - 2012-07-25 11:09 - 00607260 ____R (Swearware) C:\Users\maaldridge\Desktop\dds.scr
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____A C:\Users\maaldridge\Desktop\t6de78yz.reg
    2012-07-25 11:06 - 2012-07-25 11:06 - 00000000 ____A C:\Users\maaldridge\Desktop\t6de78yz.bat
    2012-07-25 11:05 - 2012-07-25 10:48 - 00000619 ____A C:\Users\maaldridge\Desktop\gmer.log
    2012-07-25 10:27 - 2012-07-25 10:27 - 00302592 ____A C:\Users\maaldridge\Desktop\t6de78yz.exe
    2012-07-25 09:35 - 2012-07-25 09:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\maaldridge\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-25 09:35 - 2012-07-25 09:35 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-25 09:19 - 2012-07-25 09:19 - 00007597 ____A C:\Users\maaldridge\AppData\Local\Resmon.ResmonCfg
    2012-07-25 08:43 - 2011-12-12 10:08 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872Core.job
    2012-07-25 06:22 - 2012-07-25 06:22 - 00479744 ____A (Allscripts Healthcare Solutions, Inc.) C:\Windows\SysWOW64\RTFConv.dll
    2012-07-24 21:25 - 2012-07-24 21:25 - 00000121 ____A C:\Windows\wininit.ini
    2012-07-24 21:05 - 2012-07-24 21:05 - 00002179 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2012-07-24 19:36 - 2012-07-24 19:34 - 40095152 ___AH C:\Users\maaldridge\Documents\sdo_gb.pdf.2d92.part
    2012-07-24 13:35 - 2011-10-18 13:16 - 00040165 _RASH C:\Users\All Users\ntuser.pol
    2012-07-24 09:53 - 2010-11-08 12:18 - 00004142 ____A C:\Windows\mozyent.blk
    2012-07-24 09:53 - 2010-11-08 12:18 - 00003748 ____A C:\Windows\mozyent.flt
    2012-07-23 08:55 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-23 08:50 - 2011-04-11 10:34 - 00153053 ____A C:\Windows\System32\Drivers\klin.dat
    2012-07-23 08:50 - 2011-04-11 10:34 - 00107384 ____A C:\Windows\System32\Drivers\klick.dat
    2012-07-20 13:37 - 2011-10-19 08:32 - 00011278 _RASH C:\Users\maaldridge\ntuser.pol
    2012-07-20 13:36 - 2009-07-13 20:45 - 00423888 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-20 10:31 - 2010-11-20 13:53 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-13 15:25 - 2011-10-25 09:21 - 00002006 ___AH C:\Users\maaldridge\Documents\Default.rdp
    2012-07-13 14:13 - 2011-12-12 10:09 - 00002390 ____A C:\Users\maaldridge\Desktop\Google Chrome.lnk
    2012-07-12 20:33 - 2012-07-12 20:33 - 00114176 ____A (Allscripts Healthcare Solutions, Inc.) C:\Windows\SysWOW64\Eclipsys.Platform.LdapReader.dll
    2012-07-11 10:53 - 2012-07-11 10:53 - 00000000 ____A C:\Windows\BulkUnld.INI
    2012-07-03 12:46 - 2012-07-25 09:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:27 - 2011-04-12 08:17 - 00865556 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-28 12:26 - 2012-06-28 12:26 - 03065187 ____A C:\Users\maaldridge\Documents\TheStepsOfAgile.AgileBill.1103a.pptx
    2012-06-20 11:41 - 2012-06-20 11:41 - 00000937 ____A C:\Users\maaldridge\Desktop\join.me.lnk
    2012-06-18 11:17 - 2012-06-18 11:17 - 648568960 ____A C:\Windows\MEMORY.DMP
    2012-06-18 11:17 - 2012-06-18 11:17 - 00270416 ____A C:\Windows\Minidump\061812-13540-01.dmp
    2012-06-11 19:08 - 2012-07-20 10:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 14:03 - 2011-04-14 07:16 - 00000411 ____A C:\Windows\ODBC.INI
    2012-06-08 21:43 - 2012-07-20 10:33 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-20 10:33 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-20 10:33 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-20 10:33 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-20 10:30 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-20 10:33 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-20 10:33 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-20 10:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-12 08:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-12 08:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-12 08:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-12 08:25 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-12 08:25 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-12 08:25 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-12 08:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-12 08:25 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-12 08:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-20 10:33 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-20 10:33 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-20 10:33 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-20 10:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-20 10:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-20 10:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-20 10:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-20 10:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-20 10:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 11:25 - 2010-11-20 13:17 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-14 20:01 - 2012-06-21 08:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-21 08:51 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-21 08:51 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-21 08:51 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-14 11:09 - 2012-05-10 14:45 - 00000123 ____A C:\Users\maaldridge\Desktop\Microsoft Fix it.url
    2012-05-05 11:51 - 2012-04-13 12:25 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-04 03:06 - 2012-06-13 21:01 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 21:01 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 21:01 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-07-03 08:27 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 20:35 - 2012-04-30 20:35 - 00001002 ____A C:\Users\maaldridge\Desktop\BrettspielWelt.lnk
    2012-04-30 10:19 - 2011-04-12 08:15 - 00111728 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT

    ZeroAccess:
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6}
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\@
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\L
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\U
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6}\U\00000004.@
    ZeroAccess:
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6}
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6}\@
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6}\L
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe FCB084FA3DCB7449F3BAA13312A215B4 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 18%
    Total physical RAM: 3976.9 MB
    Available physical RAM: 3246.09 MB
    Total Pagefile: 3975.05 MB
    Available Pagefile: 3245.42 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: (OSDisk) (Fixed) (Total:118.94 GB) (Free:18.35 GB) NTFS
    3 Drive f: () (Removable) (Total:0.99 GB) (Free:0.89 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 119 GB 9 MB
    Disk 1 Online 1010 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 118 GB 1024 KB
    Partition 2 Primary 300 MB 118 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OSDisk NTFS Partition 118 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y BDEDrive NTFS Partition 300 MB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1010 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 1010 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-07-21 05:22
    ======================= End Of Log ==========================

    Search.txt

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 10:11:20
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-23 08:55] - 0328704 ____A (Microsoft Corporation) FCB084FA3DCB7449F3BAA13312A215B4
    ====== End Of Search ======
  17. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Are we getting close to fixing this thing?
  18. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    First of all be patient and do NOT bump!
    We're just volunteers providing free help.
    We do work, we do sleep and we have our private lives.
    We do NOT provide 911 services.

    Now...hold on until I compose a fix for you.
  19. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

  20. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Hi,

    Sorry about trying to bump/being impatient.

    I can't disable my anti-virus (Kaspersky). My machine is on a network server, and they will not allow me to disable it.
    (Even running the Farbar tool was hard as they first refused to give me access. They finally conceded and gave me temporary admin access).

    Can I run Combofix in safe mode without network?
    Or, is there any way around it?

    Thanks in advance.
  21. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Yes.

    I still need a log from FRST fix.
  22. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    I can't figure out how to disable spybot. I had a look at the instructions, but the newer spybot does not have those options. Spybot 2.0.9.0.

    Attached Files:

  23. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Here is the fixlog.
    I couldn't run Combofix yet, as I cannot figure out how to turn off Spybot. :( In safe mode without network, it hasn't complained about Kaspersky yet. I don't have permission to disable Kaspersky either.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 13:59:40 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{3135917d-3e18-e023-cb24-6460c7602ab6} moved successfully.
    C:\Users\maaldridge\AppData\Local\{3135917d-3e18-e023-cb24-6460c7602ab6} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  24. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    According to the Spybot forum, the only way to do it is to disable it through Windows services.
    Personally I consider Spybot as a tool of the past.
  25. doubleTrouble

    doubleTrouble Newcomer, in training Topic Starter Posts: 40

    Here is the combofix log.

    ComboFix 12-07-27.02 - maaldridge 07/26/2012 15:41:56.1.4 - x64 MINIMAL
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3977.3298 [GMT -7:00]
    Running from: c:\users\maaldridge\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Administrator\AppData\Local\assembly\tmp
    c:\users\maaldridge\AppData\Local\assembly\tmp
    c:\users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-26 22:45 . 2012-07-26 22:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-26 22:45 . 2012-07-26 22:45 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-07-26 18:07 . 2012-07-26 18:07 -------- d-----w- C:\FRST
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\users\maaldridge\AppData\Roaming\Malwarebytes
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-25 17:35 . 2012-07-25 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 17:35 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-25 14:22 . 2012-07-25 14:22 479744 ----a-w- c:\windows\SysWow64\RTFConv.dll
    2012-07-25 05:05 . 2012-07-25 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-25 05:05 . 2009-01-25 20:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-07-25 05:05 . 2012-07-25 06:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-07-24 21:32 . 2012-07-24 21:32 -------- d-----w- c:\users\maaldridge\AppData\Local\visi_coupon
    2012-07-24 21:30 . 2012-07-24 21:34 -------- d-----w- c:\programdata\Yahoo!
    2012-07-24 21:30 . 2012-07-24 21:34 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-07-24 20:54 . 2012-07-24 20:54 -------- d-----w- c:\users\maaldridge\AppData\Local\Microsoft_Corporation
    2012-07-23 16:59 . 2012-07-23 16:59 -------- d-----w- c:\users\maaldridge\AppData\Roaming\Apple Computer
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-22 22:41 . 2012-07-22 22:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-22 22:41 . 2012-07-24 21:35 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-22 22:40 . 2012-07-22 22:40 -------- d-----w- c:\users\maaldridge\AppData\Local\Apple
    2012-07-22 22:40 . 2012-07-22 22:40 -------- d-----w- c:\programdata\Apple
    2012-07-20 18:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-20 18:30 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-20 18:30 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-20 18:30 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-20 18:30 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-20 18:30 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-07-20 18:30 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-07-20 18:30 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-07-20 18:30 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-07-20 18:30 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
    2012-07-20 18:30 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2012-07-20 18:30 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
    2012-07-20 18:30 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-13 04:33 . 2012-07-13 04:33 114176 ----a-w- c:\windows\SysWow64\Eclipsys.Platform.LdapReader.dll
    2012-07-12 22:16 . 2012-07-12 22:18 -------- d--h--w- c:\windows\AxInstSV
    2012-07-03 16:27 . 2012-04-17 05:31 918016 ----a-w- c:\windows\system32\jscript.dll
    2012-07-03 16:27 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-03 16:27 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-03 16:27 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-03 16:27 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-03 16:27 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-03 16:27 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-03 16:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-03 16:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-03 16:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-26 22:46 . 2011-10-25 17:10 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2012-07-20 18:31 . 2010-11-20 21:53 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-12 16:25 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-12 16:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-12 16:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-12 16:26 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-12 16:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-12 16:25 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-12 16:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-12 16:25 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-12 16:25 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-31 19:25 . 2010-11-20 21:17 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-18 21:31 . 2011-04-14 20:49 2480768 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-05-15 04:01 . 2012-06-21 16:51 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-21 16:51 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-21 16:51 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-05 19:51 . 2012-04-13 20:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-14 05:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 05:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 05:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-28 05:32 . 2012-06-14 05:01 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-04-28 03:55 . 2012-06-14 05:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-07-04 3527176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2010-10-22 11937552]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
    .
    c:\users\maaldridge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-11-8 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-9-19 50688]
    MozyEnterprise Status.lnk - c:\program files\MozyEnterprise\mozyentstat.exe [2012-6-4 6270088]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
    WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2007-5-15 394856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 GatewayAgent30;Allscripts Gateway Agent - 3.0;c:\program files (x86)\Allscripts Sunrise\Helios\3.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2011-03-22 32768]
    R2 GatewayAgent31;Allscripts Gateway Agent - 3.1;c:\program files (x86)\Allscripts Sunrise\Helios\3.1\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [x]
    R2 GatewayAgent60;Allscripts Gateway Agent - 6.0;c:\program files (x86)\Allscripts Sunrise\Helios\6.0\Gateway\Eclipsys.Infrastructure.WindowsServices.exe [2012-07-13 40960]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R2 mozyentbackup;MozyEnterprise Backup Service;c:\program files\MozyEnterprise\mozyentbackup.exe [2010-11-08 51536]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-07 2009704]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-06 293552]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-02-07 173160]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
    R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 25960]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-04-11 27736]
    S1 mozyentFilter;mozyentFilter;c:\windows\system32\DRIVERS\mozyent.sys [2011-08-16 66552]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
    S2 klnagent;Kaspersky Lab Network Agent;c:\program files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-10-20 141688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
    S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [2010-11-25 38472]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-10-28 315568]
    S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 30736]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872Core.job
    - c:\users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 18:08]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73361282-1014109674-949316387-64872UA.job
    - c:\users\maaldridge\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 18:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-05-28 00:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent]
    @="{567f4262-b8b0-578b-e7bc-b384643f0d85}"
    [HKEY_CLASSES_ROOT\CLSID\{567f4262-b8b0-578b-e7bc-b384643f0d85}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent2]
    @="{5efb374b-ea9d-fd9e-528a-5f53484cb3dc}"
    [HKEY_CLASSES_ROOT\CLSID\{5efb374b-ea9d-fd9e-528a-5f53484cb3dc}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozyent3]
    @="{1b4d21fd-1325-b7e3-a45e-07804bf4fc8c}"
    [HKEY_CLASSES_ROOT\CLSID\{1b4d21fd-1325-b7e3-a45e-07804bf4fc8c}]
    2012-06-04 22:34 6299784 ----a-w- c:\program files\MozyEnterprise\mozyentshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
    @="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
    [HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
    @="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
    [HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
    @="{FF529703-3398-4c98-B88D-13F784CB10A2}"
    [HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
    @="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
    [HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
    @="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
    [HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
    2011-12-07 03:42 292168 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-05-28 00:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-08 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-15 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-15 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-15 418328]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-03 312936]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-12-30 1875048]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-28 257392]
    "MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "combofix"="c:\combofix\CF8037.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://inside.allscripts.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: a4healthsystems.com
    Trusted Zone: adp.com
    Trusted Zone: allscripts.com
    Trusted Zone: allscripts.com\clarity.corp
    Trusted Zone: allscripts.com\servicedesk.corp
    Trusted Zone: books24x7.com
    Trusted Zone: brainshark.com
    Trusted Zone: clarity
    Trusted Zone: codecorrect.com
    Trusted Zone: delvenetworks.com\assets
    Trusted Zone: diagnostix.com
    Trusted Zone: eternal
    Trusted Zone: force.com
    Trusted Zone: force.com\*.na0.visual
    Trusted Zone: fpx.com\od1
    Trusted Zone: global.ad\servicedesk.misys
    Trusted Zone: gotrain.net
    Trusted Zone: intersourcing.com\www
    Trusted Zone: intra
    Trusted Zone: llnwd.net\*.fcod
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: misys.com\clarity
    Trusted Zone: misys.com\servicedesk
    Trusted Zone: misysgold
    Trusted Zone: misyshealthcare.com
    Trusted Zone: misyshealthcare.com\kb
    Trusted Zone: misysimentor.com
    Trusted Zone: mlv-ris-app-e
    Trusted Zone: mlv-ris-app-f
    Trusted Zone: mlv-ris-app-o
    Trusted Zone: on24.com
    Trusted Zone: onemisys.com\clarity
    Trusted Zone: onemisys.com\eternal
    Trusted Zone: onemisys.com\intra
    Trusted Zone: onemisys.com\misysgold
    Trusted Zone: payerpath.com
    Trusted Zone: salesforce.com
    Trusted Zone: servicedesk
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: skillsoft.com
    Trusted Zone: skillsoftcompliance.com
    Trusted Zone: skillwsa.com
    Trusted Zone: symantecliveupdate.com
    Trusted Zone: velaro.com
    Trusted Zone: windowsupdate.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-VS Revo Group - c:\users\maaldridge\AppData\Local\VS Revo Group\yzxxvcqk.dll
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-898976328-1975694646-3752162016-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,99,2d,f0,b2,41,18,4b,8d,46,c7,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,99,2d,f0,b2,41,18,4b,8d,46,c7,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\windows\SysWOW64\CCM\CcmExec.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-26 15:48:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-26 22:48
    .
    Pre-Run: 20,409,544,704 bytes free
    Post-Run: 22,841,856,000 bytes free
    .
    - - End Of File - - D7C148B28739A84495AF7DE37925FA5F

