Virus and malware removal logs

Solved
By Boscoe
Sep 25, 2012
  1. I have been having issues with my internet browser/browsing. First, I am no longer able to click on links to websites directly from my email - it opens an "InPrivate" browser. I have checked my InPrivate browsing settings repeatedly and the feature is not turned on. Second, when I click on a link in Google search results, random ad sites come up instead of the link I selected. I followed the steps in the removal process as directed and my logs are pasted below. Sincerest thanks in advance.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.07.13
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    QU54112 :: NC-ATL14010 [administrator]
    9/25/2012 8:22:35 PM
    mbam-log-2012-09-25 (20-22-35).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250968
    Time elapsed: 22 minute(s), 12 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|2 (Security.Hijack) -> Data: chrome.exe -> Delete on reboot.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\qu54112\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\qu54112\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-25 20:55:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ECBO
    Running: t2vs2ej8.exe; Driver: C:\DOCUME~1\qu54112\LOCALS~1\Temp\fxrirpow.sys

    ---- System - GMER 1.0.15 ----
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9356290]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB93562A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB93562D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9356326]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB935627C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9356254]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9356268]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB93562BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB93562FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB93562E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9356350]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB935633C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9356310]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs PGPfsfd.sys (PGP FSFD/PGP Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by QU54112 at 20:58:49 on 2012-09-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2345 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe
    C:\WINDOWS\system32\dleacoms.exe
    C:\WINDOWS\SYSTEM32\DNTUS26.EXE
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
    C:\WINDOWS\system32\DRIVERS\o2flash.exe
    C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
    C:\WINDOWS\system32\PGPserv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lumension\Patch Agent\GravitixService.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
    C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Dell V310-V510 Series\dleamon.exe
    C:\Program Files\Dell V310-V510 Series\ezprint.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Lumension\LEMSSAgent\epui\epui.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Lumension\Patch Agent\pddm.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\WebEx\Productivity Tools\PTIM.exe
    C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
    C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
    C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe
    C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
    C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Microsoft Internet Explorer provided by Newell-Rubbermaid
    uStart Page = hxxp://www-I.nwlconnect.com/
    uDefault_Page_URL = hxxp://www-I.nwlconnect.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
    TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
    uRun: [PTOneClick] c:\program files\webex\productivity tools\ptoneclk.exe /AutoRunning="2"
    uRun: [Akamai NetSession Interface] "c:\documents and settings\qu54112\local settings\application data\akamai\netsession_win.exe"
    uRun: [PCShowServer] "c:\documents and settings\qu54112\local settings\application data\directv player\PCShowServerPMWrapper.exe"
    uRun: [SubSystems] rundll32.exe "c:\documents and settings\qu54112\local settings\application data\subsystems\jnvfxtgq.dll",DllGetClassObject
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
    mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
    mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
    mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
    mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
    mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [msbui] ",FILTERTEXTURE
    mRun: [IntellisyncLotus] " /J
    mRun: [wpcof] ",INITEX
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\qu54112\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gripde~1.lnk - c:\windows\installer\{58d3349d-849e-4215-870e-66349cec47f9}\_188652DA885AB9DE3230E7.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{7ba5cb2d-f497-4ab6-8206-c24a7d67750f}\Icon6560581611.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    uPolicies-explorer: DisallowRun = 1 (0x1)
    uPolicies-disallowrun: 1 = 386.exe
    uPolicies-disallowrun: 2 = chrome.exe
    uPolicies-disallowrun: 3 = ChromeSetup.exe
    uPolicies-disallowrun: 4 = Elite.exe
    uPolicies-disallowrun: 5 = Explorer32.exe
    uPolicies-disallowrun: 6 = googledesktop.exe
    uPolicies-disallowrun: 7 = usb.exe
    uPolicies-disallowrun: 8 = usb32.exe
    uPolicies-disallowrun: 9 = windrvl32.exe
    uPolicies-disallowrun: 10 = winshost.exe
    mPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: c:\windows\system32\PGPlsp.dll
    LSP: mswsock.dll
    Trusted Zone: appreciatehub.com
    Trusted Zone: btslearning.com\www
    Trusted Zone: Contentserver.elementh.com
    Trusted Zone: Dell.com
    Trusted Zone: my-totalrewards.com
    Trusted Zone: newellco.com
    Trusted Zone: newellcotraining.com
    Trusted Zone: octanner.com\*.recognition
    Trusted Zone: outlook.com
    Trusted Zone: retireonline.com\www
    Trusted Zone: scorm.com
    Trusted Zone: Staples.com
    Trusted Zone: staplesadvantage.com
    Trusted Zone: taleo.net
    Trusted Zone: unisourcelink.com
    Trusted Zone: workforcehosting.com
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://mqc.sap.newellco.com:8080/qcbin/capicom.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282248966734
    DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://newell.webex.com/client/upgradeserver/client/ptool/T27L10NSP11_ASRRLS6-4838/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://bond.newellco.com/dana-cached/sc/JuniperSetupClient.cab
    DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://mqc.sap.newellco.com:8080/qcbin/Spider10.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\common files\spba\homefus2.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Notification Packages = scecli PGPpwflt
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-14 461864]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2011-5-9 136824]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2011-5-9 13432]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-7-7 17648]
    R1 EPS;EPS;c:\windows\system32\drivers\eps.sys [2012-9-13 139504]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-24 89624]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-10-25 826272]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-10-25 32160]
    R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-6 378224]
    R2 DDM Usage Monitoring;DDM Usage Monitoring;c:\svctools\pkg\slm-usage\eSMARTUM.exe [2011-7-15 52224]
    R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
    R2 LEMSS Agent;LEMSS Agent;c:\program files\lumension\lemssagent\LMAgent.exe [2012-5-1 467280]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-5-12 324928]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2011-8-31 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2011-5-10 150032]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-8-31 66880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-14 148520]
    R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2010-8-20 263536]
    R2 PGP RDD Service;PGP RDD Service;c:\program files\pgp corporation\pgp desktop\RDDService.exe [2011-5-9 166520]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-7-7 2656280]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-7-7 43888]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-7-7 113664]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-7-7 33832]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [2011-7-7 174248]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-7-7 260864]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-7-7 41088]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-14 180072]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-14 59288]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfvst.sys [2011-7-7 60904]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 Patch Agent;Patch Agent;c:\program files\lumension\patch agent\GravitixService.exe [2011-9-20 95584]
    S0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2010-6-29 218112]
    S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2010-6-29 48140]
    S0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2010-6-29 204800]
    S0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-6-29 187960]
    S0 cerc6;cerc6; [x]
    S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2010-6-29 19200]
    S0 sisraid4;sisraid4;c:\windows\system32\drivers\sisraid4.sys [2010-6-29 63872]
    S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2011-7-26 98984]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-8 250568]
    S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-11-4 352256]
    S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-11-4 33792]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys --> c:\windows\system32\drivers\e1y5132.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-14 87808]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-26 00:21:54 -------- d-----w- c:\documents and settings\qu54112\application data\Malwarebytes
    2012-09-26 00:20:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-26 00:20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-13 14:35:08 109056 ----a-w- c:\windows\system32\EPUICpl.cpl
    2012-09-13 14:34:52 139504 ----a-w- c:\windows\system32\eps.sys
    2012-09-13 14:34:51 139504 ----a-w- c:\windows\system32\drivers\eps.sys
    2012-09-13 14:33:57 -------- d-----w- c:\program files\Lumension
    2012-09-13 14:33:57 -------- d-----w- c:\documents and settings\all users\application data\Lumension
    .
    ==================== Find3M ====================
    .
    2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 22:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-22 12:13:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-22 12:13:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 21:00:27.64 ===============

    .
  2. Boscoe (Topic Starter)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/7/2011 9:17:05 AM
    System Uptime: 9/25/2012 8:48:38 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0K0DNP
    Processor: Intel Pentium III Xeon processor | CPU 1 | 1571/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 148.108 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP276: 8/23/2012 10:43:11 AM - Removed Verizon Wireless USB727 Firmware Updates.
    RP277: 8/23/2012 3:45:14 PM - System Checkpoint
    RP278: 8/24/2012 8:12:30 PM - System Checkpoint
    RP279: 8/27/2012 12:49:14 PM - System Checkpoint
    RP280: 8/28/2012 9:48:50 PM - System Checkpoint
    RP281: 8/29/2012 9:51:22 PM - System Checkpoint
    RP282: 8/30/2012 11:10:02 PM - System Checkpoint
    RP283: 9/4/2012 11:32:52 AM - Installed Java(TM) 6 Update 35
    RP284: 9/6/2012 1:56:08 PM - System Checkpoint
    RP285: 9/7/2012 9:59:52 PM - System Checkpoint
    RP286: 9/8/2012 11:38:42 PM - System Checkpoint
    RP287: 9/9/2012 11:40:41 PM - System Checkpoint
    RP288: 9/10/2012 11:44:08 PM - System Checkpoint
    RP289: 9/11/2012 11:48:06 PM - System Checkpoint
    RP290: 9/13/2012 12:47:52 AM - System Checkpoint
    RP291: 9/14/2012 6:31:11 PM - System Checkpoint
    RP292: 9/16/2012 12:06:34 AM - System Checkpoint
    RP293: 9/18/2012 1:07:35 PM - System Checkpoint
    RP294: 9/20/2012 7:24:49 PM - System Checkpoint
    RP295: 9/21/2012 7:25:58 PM - System Checkpoint
    RP296: 9/23/2012 6:54:47 AM - System Checkpoint
    RP297: 9/24/2012 4:05:19 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 6.0 Sprint
    AccelerometerP11
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Avaya one-X Communicator
    BEHRINGER USB AUDIO DRIVER
    BioAPI Framework
    BlackBerry Desktop Software 6.1
    Bonjour
    Cisco Systems VPN Client 5.0.00.0340
    Cisco WebEx Meetings
    Custom
    CyberLink PowerDVD 9.5
    CyberSafe TrustBroker Secure Client for Workstations
    Definition update for Microsoft Office 2010 (KB982726)
    Dell ControlVault Host Components Installer
    Dell Data Protection | Access
    Dell Data Protection | Access | Drivers
    Dell Data Protection | Access | Middleware
    Dell Data Protection | Access | Prerequisites
    Dell Image Preparation Tool
    Dell System Manager
    Dell Toolbar
    Dell Touchpad
    Dell V310-V510 Series
    DellAccess
    DIRECTV Player
    DW WLAN Card Utility
    ECL Viewer
    EMBASSY Security Center
    energyXT2.5
    Font - Trade Gothic 6.03-B
    FormsWizard
    Gemalto
    GRIP Desktop
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB967048-v2)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB981793)
    Intel(R) Management Engine Components
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 35
    Juniper Networks Network Connect 7.0.0
    Juniper Networks Network Connect 7.1.0
    Juniper Networks Network Connect 7.2.0
    Juniper Networks, Inc. Setup Client
    LM Agent
    Lumension Patch Agent for Windows
    Malwarebytes Anti-Malware version 1.65.0.1400
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee SiteAdvisor Enterprise Plus
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Communicator 2007 R2
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    Microsoft redistributable runtime DLLs VS2008 SP1(x86)
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# 2.0 Redistributable Package
    MM Client
    Mobile Broadband Generic Drivers
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    MSXML4.0 redistributable
    Musicnotes Player V1.31.6 and Viewer V1.19.0
    Musicnotes Software Suite 1.6.0
    Nero BackItUp
    Nero BackItUp and Burn
    Nero BurnRights
    Nero Express
    Nero RescueAgent
    Nikon File Uploader 2
    Nikon Message Center 2
    NRAtlanta-DDM8
    NTRU TCG Software Stack
    OGA Notifier 2.0.0048.0
    PC CCID
    PGP Desktop
    Picasa 3
    Picture Control Utility
    Preboot Manager
    Private Information Manager
    Program Files
    QuickTime
    QWS3270 PLUS 4.2
    RWD uPerform Client
    SAP Business Explorer
    SAP GUI for Windows 7.20
    SAPSetup Automatic Workstation Update Service
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shutterfly Express Uploader
    Skype Click to Call
    Skype™ 5.5
    SPBA 5.9
    Trusted Drive Manager
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Windows (KB971513)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Upek Touchchip Fingerprint Reader
    vcredist_x86
    ViewNX 2
    Wave Infrastructure Installer
    Wave Support Software Installer
    WebEx Productivity Tools
    WebFldrs XP
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/25/2012 8:49:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 ahcix86 aic78u2 aic78xx atapi cercsr6 fasttx2k IntelIde megasas nvatabus nvraid PCIIde sisraid4 Symmpi vmscsi
    9/25/2012 6:26:32 PM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF00DBEB88 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
    9/25/2012 6:17:47 PM, error: Dhcp [1002] - The IP address lease 10.221.160.253 for the Network Card with network address C0F8DA3B22CC has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).
    9/23/2012 8:49:40 AM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF989CFB88 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
    9/22/2012 11:34:27 AM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF009BF388 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
    9/21/2012 7:59:05 AM, error: Dhcp [1002] - The IP address lease 10.2.82.52 for the Network Card with network address 00FF009BF388 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
    9/20/2012 8:19:01 AM, error: Print [22] - Failed to ugrade printer settings for printer \\EMSFPSA10001\EMPRISA10123,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmdp112.dll error 5.
    9/20/2012 8:18:54 AM, error: Print [22] - Failed to ugrade printer settings for printer \\naseasasfps01\NASEASAPHP01,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmdp112.dll error 5.
    9/20/2012 6:54:37 PM, error: Dhcp [1002] - The IP address lease 10.221.160.253 for the Network Card with network address C0F8DA3B22CC has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    9/19/2012 8:11:59 AM, error: e1cexpress [24] - Intel(R) 82579LM Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".
    9/19/2012 8:11:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain NRADNEWELLCO due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    9/18/2012 8:12:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vmscsi
    9/18/2012 8:12:14 AM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: The specified module could not be found.
    9/18/2012 8:12:14 AM, error: Service Control Manager [7009] - Timeout (300000 milliseconds) waiting for the dleaCATSCustConnectService service to connect.
    9/18/2012 8:12:14 AM, error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  3. Boscoe

    Boscoe Newcomer, in training Topic Starter

    I didn't indicate it previously, but the only browser I have/use is IE8.
  4. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Boscoe

    Boscoe Newcomer, in training Topic Starter

    Thank you! Here are my logs:

    21:37:11.0924 7524 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:37:12.0440 7524 ============================================================
    21:37:12.0440 7524 Current date / time: 2012/09/25 21:37:12.0440
    21:37:12.0440 7524 SystemInfo:
    21:37:12.0440 7524
    21:37:12.0440 7524 OS Version: 5.1.2600 ServicePack: 3.0
    21:37:12.0440 7524 Product type: Workstation
    21:37:12.0440 7524 ComputerName: NC-ATL14010
    21:37:12.0440 7524 UserName: QU54112
    21:37:12.0440 7524 Windows directory: C:\WINDOWS
    21:37:12.0440 7524 System windows directory: C:\WINDOWS
    21:37:12.0440 7524 Processor architecture: Intel x86
    21:37:12.0440 7524 Number of processors: 4
    21:37:12.0440 7524 Page size: 0x1000
    21:37:12.0440 7524 Boot type: Normal boot
    21:37:12.0440 7524 ============================================================
    21:37:13.0018 7524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:37:13.0018 7524 ============================================================
    21:37:13.0018 7524 \Device\Harddisk0\DR0:
    21:37:13.0018 7524 MBR partitions:
    21:37:13.0018 7524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
    21:37:13.0018 7524 ============================================================
    21:37:13.0018 7524 Initialize success
    21:37:13.0018 7524 ============================================================
    21:37:20.0390 7260 ============================================================
    21:37:20.0390 7260 Scan started
    21:37:20.0406 7260 Mode: Manual;
    21:37:20.0406 7260 ============================================================
    21:37:21.0156 7260 ================ Scan system memory ========================
    21:37:21.0171 7260 System memory - ok
    21:37:21.0171 7260 ================ Scan services =============================
    21:37:21.0171 7260 a320raid - ok
    21:37:21.0187 7260 aac - ok
    21:37:21.0187 7260 aarich - ok
    21:37:21.0187 7260 Abiosdsk - ok
    21:37:21.0187 7260 abp480n5 - ok
    21:37:21.0187 7260 Acceler - ok
    21:37:21.0203 7260 ACPI - ok
    21:37:21.0203 7260 ACPIEC - ok
    21:37:21.0218 7260 AdobeFlashPlayerUpdateSvc - ok
    21:37:21.0218 7260 adpu160m - ok
    21:37:21.0218 7260 adpu320 - ok
    21:37:21.0218 7260 aec - ok
    21:37:21.0218 7260 AESTAud - ok
    21:37:21.0234 7260 AFD - ok
    21:37:21.0250 7260 Aha154x - ok
    21:37:21.0281 7260 ahcix86 - ok
    21:37:21.0296 7260 aic78u2 - ok
    21:37:21.0296 7260 aic78xx - ok
    21:37:21.0312 7260 Alerter - ok
    21:37:21.0312 7260 ALG - ok
    21:37:21.0312 7260 AliIde - ok
    21:37:21.0328 7260 amsint - ok
    21:37:21.0328 7260 ApfiltrService - ok
    21:37:21.0328 7260 Apple Mobile Device - ok
    21:37:21.0343 7260 AppMgmt - ok
    21:37:21.0343 7260 asc - ok
    21:37:21.0359 7260 asc3350p - ok
    21:37:21.0359 7260 asc3550 - ok
    21:37:21.0359 7260 aspnet_state - ok
    21:37:21.0374 7260 AsyncMac - ok
    21:37:21.0390 7260 atapi - ok
    21:37:21.0390 7260 Atdisk - ok
    21:37:21.0468 7260 Atmarpc - ok
    21:37:21.0484 7260 AudioSrv - ok
    21:37:21.0515 7260 audstub - ok
    21:37:21.0531 7260 BCM43XX - ok
    21:37:21.0531 7260 BCMWLNPF - ok
    21:37:21.0562 7260 Beep - ok
    21:37:21.0562 7260 BEHRINGER_2902 - ok
    21:37:21.0624 7260 BITS - ok
    21:37:21.0624 7260 Bonjour Service - ok
    21:37:21.0640 7260 Browser - ok
    21:37:21.0640 7260 BUSB_AUDIO_WDM - ok
    21:37:21.0640 7260 cbidf2k - ok
    21:37:21.0656 7260 CCDECODE - ok
    21:37:21.0656 7260 cd20xrnt - ok
    21:37:21.0656 7260 Cdaudio - ok
    21:37:21.0656 7260 Cdfs - ok
    21:37:21.0656 7260 Cdrom - ok
    21:37:21.0671 7260 cerc6 - ok
    21:37:21.0687 7260 cercsr6 - ok
    21:37:21.0687 7260 Changer - ok
    21:37:21.0687 7260 cisvc - ok
    21:37:21.0687 7260 ClipSrv - ok
    21:37:21.0687 7260 clr_optimization_v2.0.50727_32 - ok
    21:37:21.0703 7260 clr_optimization_v4.0.30319_32 - ok
    21:37:21.0703 7260 CmBatt - ok
    21:37:21.0703 7260 CmdIde - ok
    21:37:21.0718 7260 Compbatt - ok
    21:37:21.0718 7260 COMSysApp - ok
    21:37:21.0718 7260 Cpqarray - ok
    21:37:21.0718 7260 Credential Vault Host Control Service - ok
    21:37:21.0734 7260 Credential Vault Host Storage - ok
    21:37:21.0734 7260 CryptSvc - ok
    21:37:21.0734 7260 CVirtA - ok
    21:37:21.0749 7260 CVPND - ok
    21:37:21.0749 7260 CVPNDRVA - ok
    21:37:21.0749 7260 cvusbdrv - ok
    21:37:21.0749 7260 dac2w2k - ok
    21:37:21.0765 7260 dac960nt - ok
    21:37:21.0765 7260 DcomLaunch - ok
    21:37:21.0765 7260 dcpsysmgrsvc - ok
    21:37:21.0765 7260 DDM Usage Monitoring - ok
    21:37:21.0796 7260 Dhcp - ok
    21:37:21.0796 7260 Disk - ok
    21:37:21.0812 7260 dleaCATSCustConnectService - ok
    21:37:21.0812 7260 dlea_device - ok
    21:37:21.0827 7260 dmadmin - ok
    21:37:21.0827 7260 dmboot - ok
    21:37:21.0843 7260 dmio - ok
    21:37:21.0843 7260 dmload - ok
    21:37:21.0843 7260 dmserver - ok
    21:37:21.0843 7260 DMusic - ok
    21:37:21.0843 7260 DNE - ok
    21:37:21.0859 7260 Dnscache - ok
    21:37:21.0859 7260 DNTUS26 - ok
    21:37:21.0859 7260 Dot3svc - ok
    21:37:21.0859 7260 dpti2o - ok
    21:37:21.0874 7260 drmkaud - ok
    21:37:21.0874 7260 dsNcAdpt - ok
    21:37:21.0874 7260 dsNcService - ok
    21:37:21.0874 7260 e1cexpress - ok
    21:37:21.0890 7260 e1yexpress - ok
    21:37:21.0890 7260 EapHost - ok
    21:37:21.0890 7260 EPS - ok
    21:37:21.0890 7260 ERSvc - ok
    21:37:21.0890 7260 Eventlog - ok
    21:37:21.0906 7260 EventSystem - ok
    21:37:21.0921 7260 Fastfat - ok
    21:37:21.0937 7260 fasttx2k - ok
    21:37:21.0952 7260 FastUserSwitchingCompatibility - ok
    21:37:21.0968 7260 Fdc - ok
    21:37:21.0968 7260 Fips - ok
    21:37:21.0968 7260 Flpydisk - ok
    21:37:21.0968 7260 FltMgr - ok
    21:37:21.0968 7260 FontCache3.0.0.0 - ok
    21:37:21.0968 7260 Fs_Rec - ok
    21:37:21.0984 7260 Ftdisk - ok
    21:37:21.0984 7260 GEARAspiWDM - ok
    21:37:21.0984 7260 Gpc - ok
    21:37:21.0984 7260 gusvc - ok
    21:37:21.0984 7260 HDAudBus - ok
    21:37:21.0999 7260 helpsvc - ok
    21:37:21.0999 7260 HidServ - ok
    21:37:21.0999 7260 HidUsb - ok
    21:37:21.0999 7260 hkmsvc - ok
    21:37:22.0015 7260 hpn - ok
    21:37:22.0015 7260 HTTP - ok
    21:37:22.0015 7260 HTTPFilter - ok
    21:37:22.0015 7260 i2omgmt - ok
    21:37:22.0015 7260 i2omp - ok
    21:37:22.0062 7260 i8042prt - ok
    21:37:22.0062 7260 ialm - ok
    21:37:22.0062 7260 iastor - ok
    21:37:22.0093 7260 iClarityQoSService - ok
    21:37:22.0093 7260 IDriverT - ok
    21:37:22.0093 7260 idsvc - ok
    21:37:22.0093 7260 Imapi - ok
    21:37:22.0093 7260 ImapiService - ok
    21:37:22.0109 7260 ini910u - ok
    21:37:22.0109 7260 IntcDAud - ok
    21:37:22.0124 7260 IntelIde - ok
    21:37:22.0124 7260 intelppm - ok
    21:37:22.0124 7260 Ip6Fw - ok
    21:37:22.0124 7260 IpFilterDriver - ok
    21:37:22.0140 7260 IpInIp - ok
    21:37:22.0140 7260 IpNat - ok
    21:37:22.0140 7260 iPod Service - ok
    21:37:22.0140 7260 IPSec - ok
    21:37:22.0156 7260 IRENUM - ok
    21:37:22.0156 7260 isapnp - ok
    21:37:22.0156 7260 JavaQuickStarterService - ok
    21:37:22.0171 7260 Kbdclass - ok
    21:37:22.0171 7260 kbdhid - ok
    21:37:22.0187 7260 kmixer - ok
    21:37:22.0187 7260 KSecDD - ok
    21:37:22.0218 7260 LanmanServer - ok
    21:37:22.0218 7260 lanmanworkstation - ok
    21:37:22.0218 7260 lbrtfdc - ok
    21:37:22.0218 7260 LEMSS Agent - ok
    21:37:22.0234 7260 LmHosts - ok
    21:37:22.0234 7260 LMS - ok
    21:37:22.0234 7260 McAfee SiteAdvisor Enterprise Service - ok
    21:37:22.0249 7260 McAfeeEngineService - ok
    21:37:22.0249 7260 McAfeeFramework - ok
    21:37:22.0249 7260 McShield - ok
    21:37:22.0249 7260 McTaskManager - ok
    21:37:22.0249 7260 MDM - ok
    21:37:22.0249 7260 megasas - ok
    21:37:22.0265 7260 MEI - ok
    21:37:22.0265 7260 Messenger - ok
    21:37:22.0265 7260 mfeapfk - ok
    21:37:22.0265 7260 mfeavfk - ok
    21:37:22.0265 7260 mfebopk - ok
    21:37:22.0280 7260 mfehidk - ok
    21:37:22.0280 7260 mferkdet - ok
    21:37:22.0280 7260 mfetdi2k - ok
    21:37:22.0280 7260 mfetdik - ok
    21:37:22.0280 7260 mfevtp - ok
    21:37:22.0343 7260 mnmdd - ok
    21:37:22.0359 7260 mnmsrvc - ok
    21:37:22.0359 7260 Modem - ok
    21:37:22.0359 7260 Mouclass - ok
    21:37:22.0359 7260 mouhid - ok
    21:37:22.0374 7260 MountMgr - ok
    21:37:22.0374 7260 mraid35x - ok
    21:37:22.0374 7260 MRxDAV - ok
    21:37:22.0374 7260 MRxSmb - ok
    21:37:22.0390 7260 MSDTC - ok
    21:37:22.0390 7260 Msfs - ok
    21:37:22.0390 7260 MSIServer - ok
    21:37:22.0390 7260 MSKSSRV - ok
    21:37:22.0390 7260 MSPCLOCK - ok
    21:37:22.0405 7260 MSPQM - ok
    21:37:22.0405 7260 mssmbios - ok
    21:37:22.0405 7260 MSTAPE - ok
    21:37:22.0405 7260 MSTEE - ok
    21:37:22.0405 7260 Mup - ok
    21:37:22.0421 7260 NABTSFEC - ok
    21:37:22.0421 7260 napagent - ok
    21:37:22.0421 7260 NDIS - ok
    21:37:22.0421 7260 NdisIP - ok
    21:37:22.0421 7260 NdisTapi - ok
    21:37:22.0421 7260 Ndisuio - ok
    21:37:22.0437 7260 NdisWan - ok
    21:37:22.0437 7260 NDProxy - ok
    21:37:22.0437 7260 NetBIOS - ok
    21:37:22.0437 7260 NetBT - ok
    21:37:22.0437 7260 NetDDE - ok
    21:37:22.0437 7260 NetDDEdsdm - ok
    21:37:22.0452 7260 Netlogon - ok
    21:37:22.0452 7260 Netman - ok
    21:37:22.0452 7260 NetTcpPortSharing - ok
    21:37:22.0452 7260 Nla - ok
    21:37:22.0452 7260 Npfs - ok
    21:37:22.0468 7260 Ntfs - ok
    21:37:22.0468 7260 NtLmSsp - ok
    21:37:22.0468 7260 NtmsSvc - ok
    21:37:22.0468 7260 Null - ok
    21:37:22.0468 7260 nvatabus - ok
    21:37:22.0484 7260 nvraid - ok
    21:37:22.0484 7260 NWADI - ok
    21:37:22.0484 7260 NwlnkFlt - ok
    21:37:22.0484 7260 NwlnkFwd - ok
    21:37:22.0484 7260 NWSAPAutoWorkstationUpdateSvc - ok
    21:37:22.0499 7260 NWUSBModem - ok
    21:37:22.0499 7260 NWUSBPort - ok
    21:37:22.0499 7260 O2FLASH - ok
    21:37:22.0499 7260 O2MDFRDR - ok
    21:37:22.0499 7260 ohci1394 - ok
    21:37:22.0499 7260 ose - ok
    21:37:22.0515 7260 osppsvc - ok
    21:37:22.0515 7260 Parport - ok
    21:37:22.0515 7260 PartMgr - ok
    21:37:22.0515 7260 ParVdm - ok
    21:37:22.0515 7260 Patch Agent - ok
    21:37:22.0530 7260 PBADRV - ok
    21:37:22.0530 7260 PCI - ok
    21:37:22.0530 7260 PCIDump - ok
    21:37:22.0530 7260 PCIIde - ok
    21:37:22.0530 7260 Pcmcia - ok
    21:37:22.0530 7260 PDCOMP - ok
    21:37:22.0546 7260 PDFRAME - ok
    21:37:22.0546 7260 PDRELI - ok
    21:37:22.0546 7260 PDRFRAME - ok
    21:37:22.0546 7260 perc2 - ok
    21:37:22.0546 7260 perc2hib - ok
    21:37:22.0562 7260 PGP RDD Service - ok
    21:37:22.0562 7260 PGPdisk - ok
    21:37:22.0562 7260 pgpfs - ok
    21:37:22.0562 7260 PGPsdkDriver - ok
    21:37:22.0562 7260 PGPserv - ok
    21:37:22.0577 7260 PGPwded - ok
    21:37:22.0577 7260 Pgpwdefs - ok
    21:37:22.0577 7260 PLFlash DeviceIoControl Service - ok
    21:37:22.0577 7260 PlugPlay - ok
    21:37:22.0577 7260 Pml Driver HPZ12 - ok
    21:37:22.0577 7260 PolicyAgent - ok
    21:37:22.0577 7260 PptpMiniport - ok
    21:37:22.0593 7260 ProcObsrv - ok
    21:37:22.0593 7260 ProtectedStorage - ok
    21:37:22.0593 7260 PSched - ok
    21:37:22.0593 7260 Ptilink - ok
    21:37:22.0593 7260 ql1080 - ok
    21:37:22.0593 7260 Ql10wnt - ok
    21:37:22.0593 7260 ql12160 - ok
    21:37:22.0609 7260 ql1240 - ok
    21:37:22.0609 7260 ql1280 - ok
    21:37:22.0609 7260 RasAcd - ok
    21:37:22.0609 7260 RasAuto - ok
    21:37:22.0609 7260 Rasl2tp - ok
    21:37:22.0609 7260 RasMan - ok
    21:37:22.0609 7260 RasPppoe - ok
    21:37:22.0624 7260 Raspti - ok
    21:37:22.0624 7260 Rdbss - ok
    21:37:22.0624 7260 RDPCDD - ok
    21:37:22.0624 7260 rdpdr - ok
    21:37:22.0624 7260 RDPWD - ok
    21:37:22.0624 7260 RDSessMgr - ok
    21:37:22.0640 7260 redbook - ok
    21:37:22.0640 7260 RemoteAccess - ok
    21:37:22.0640 7260 RemoteRegistry - ok
    21:37:22.0640 7260 RimUsb - ok
    21:37:22.0640 7260 RimVSerPort - ok
    21:37:22.0640 7260 ROOTMODEM - ok
    21:37:22.0640 7260 RpcLocator - ok
    21:37:22.0655 7260 RpcSs - ok
    21:37:22.0655 7260 RSVP - ok
    21:37:22.0655 7260 SamSs - ok
    21:37:22.0655 7260 SCardSvr - ok
    21:37:22.0655 7260 Schedule - ok
    21:37:22.0655 7260 sdbus - ok
    21:37:22.0671 7260 Secdrv - ok
    21:37:22.0671 7260 seclogon - ok
    21:37:22.0671 7260 SecureStorageService - ok
    21:37:22.0671 7260 SENS - ok
    21:37:22.0671 7260 Serenum - ok
    21:37:22.0671 7260 Serial - ok
    21:37:22.0687 7260 sffdisk - ok
    21:37:22.0687 7260 sffp_sd - ok
    21:37:22.0687 7260 Sfloppy - ok
    21:37:22.0687 7260 SharedAccess - ok
    21:37:22.0702 7260 ShellHWDetection - ok
    21:37:22.0702 7260 Simbad - ok
    21:37:22.0702 7260 sisraid4 - ok
    21:37:22.0702 7260 SLIP - ok
    21:37:22.0702 7260 Sparrow - ok
    21:37:22.0702 7260 splitter - ok
    21:37:22.0718 7260 Spooler - ok
    21:37:22.0718 7260 sr - ok
    21:37:22.0718 7260 srservice - ok
    21:37:22.0718 7260 Srv - ok
    21:37:22.0718 7260 SSDPSRV - ok
    21:37:22.0718 7260 STacSV - ok
    21:37:22.0733 7260 stdcfltn - ok
    21:37:22.0733 7260 STHDA - ok
    21:37:22.0733 7260 stisvc - ok
    21:37:22.0733 7260 streamip - ok
    21:37:22.0733 7260 swenum - ok
    21:37:22.0733 7260 swmidi - ok
    21:37:22.0749 7260 SwPrv - ok
    21:37:22.0749 7260 symc810 - ok
    21:37:22.0749 7260 symc8xx - ok
    21:37:22.0749 7260 Symmpi - ok
    21:37:22.0749 7260 sym_hi - ok
    21:37:22.0749 7260 sym_u3 - ok
    21:37:22.0765 7260 sysaudio - ok
    21:37:22.0765 7260 SysmonLog - ok
    21:37:22.0765 7260 TapiSrv - ok
    21:37:22.0765 7260 Tcpip - ok
    21:37:22.0765 7260 tcsd_win32.exe - ok
    21:37:22.0765 7260 TdmService - ok
    21:37:22.0780 7260 TDPIPE - ok
    21:37:22.0780 7260 TDTCP - ok
    21:37:22.0780 7260 TermDD - ok
    21:37:22.0780 7260 TermService - ok
    21:37:22.0780 7260 Themes - ok
    21:37:22.0780 7260 TlntSvr - ok
    21:37:22.0796 7260 TosIde - ok
    21:37:22.0796 7260 TrkWks - ok
    21:37:22.0796 7260 Udfs - ok
    21:37:22.0796 7260 ultra - ok
    21:37:22.0796 7260 UNS - ok
    21:37:22.0796 7260 Update - ok
    21:37:22.0812 7260 upnphost - ok
    21:37:22.0812 7260 UPS - ok
    21:37:22.0812 7260 USBAAPL - ok
    21:37:22.0812 7260 usbaudio - ok
    21:37:22.0827 7260 usbccgp - ok
    21:37:22.0827 7260 USBCCID - ok
    21:37:22.0827 7260 usbehci - ok
    21:37:22.0827 7260 usbhub - ok
    21:37:22.0827 7260 usbprint - ok
    21:37:22.0827 7260 usbscan - ok
    21:37:22.0843 7260 USBSTOR - ok
    21:37:22.0843 7260 usbuhci - ok
    21:37:22.0843 7260 usbvideo - ok
    21:37:22.0843 7260 VgaSave - ok
    21:37:22.0843 7260 ViaIde - ok
    21:37:22.0843 7260 vmscsi - ok
    21:37:22.0843 7260 VolSnap - ok
    21:37:22.0858 7260 vsdatant - ok
    21:37:22.0858 7260 VSS - ok
    21:37:22.0858 7260 W32Time - ok
    21:37:22.0858 7260 Wanarp - ok
    21:37:22.0858 7260 Wdf01000 - ok
    21:37:22.0874 7260 WDICA - ok
    21:37:22.0874 7260 wdmaud - ok
    21:37:22.0874 7260 WebClient - ok
    21:37:22.0874 7260 winmgmt - ok
    21:37:22.0890 7260 WinRM - ok
    21:37:22.0890 7260 wltrysvc - ok
    21:37:22.0890 7260 WmdmPmSN - ok
    21:37:22.0890 7260 Wmi - ok
    21:37:22.0905 7260 WmiAcpi - ok
    21:37:22.0905 7260 WmiApSrv - ok
    21:37:22.0905 7260 WMPNetworkSvc - ok
    21:37:22.0905 7260 WPFFontCache_v0400 - ok
    21:37:22.0921 7260 WSearch - ok
    21:37:22.0921 7260 WSTCODEC - ok
    21:37:22.0921 7260 wuauserv - ok
    21:37:22.0921 7260 WudfPf - ok
    21:37:22.0921 7260 WudfRd - ok
    21:37:22.0921 7260 WudfSvc - ok
    21:37:22.0937 7260 WZCSVC - ok
    21:37:22.0937 7260 xmlprov - ok
    21:37:22.0937 7260 ================ Scan global ===============================
    21:37:22.0937 7260 [Global] - ok
    21:37:22.0952 7260 ================ Scan MBR ==================================
    21:37:22.0968 7260 [ E9E14E3F65458533C0B413CBE07BE4E4 ] \Device\Harddisk0\DR0
    21:37:23.0046 7260 \Device\Harddisk0\DR0 - ok
    21:37:23.0046 7260 ================ Scan VBR ==================================
    21:37:23.0046 7260 [ ADA95700CA9272AFFB1DD29EF933E316 ] \Device\Harddisk0\DR0\Partition1
    21:37:23.0046 7260 \Device\Harddisk0\DR0\Partition1 - ok
    21:37:23.0046 7260 ============================================================
    21:37:23.0046 7260 Scan finished
    21:37:23.0046 7260 ============================================================
    21:37:23.0046 4124 Detected object count: 0
    21:37:23.0046 4124 Actual detected object count: 0

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : QU54112 [Admin rights]
    Mode : Remove -- Date : 09/25/2012 21:40:21

    ¤¤¤ Bad processes : 4 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll -> UNLOADED
    [SUSP PATH] PCShowServerPMWrapper.exe -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : -> KILLED [TermProc]
    [SUSP PATH] NDSPCShowServer.exe -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe") -> DELETED
    [RUN][BLACKLIST DLL] HKCU\[...]\Run : SubSystems (rundll32.exe "C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll",DllGetClassObject) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS723225A7A364 +++++
    --- User ---
    [MBR] 8c2a039f5162017e42a6c9156e4d04c9
    [BSP] 7f6a04fa76454dbdd855d1f97d3b12da : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-25 21:42:54
    -----------------------------
    21:42:54.768 OS Version: Windows 5.1.2600 Service Pack 3
    21:42:54.768 Number of processors: 4 586 0x2A07
    21:42:54.768 ComputerName: NC-ATL14010 UserName: QU54112
    21:42:55.893 Initialize success
    21:55:40.814 AVAST engine defs: 12092501
    21:55:45.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:55:45.439 Disk 0 Vendor: Hitachi_ ECBO Size: 238475MB BusType: 3
    21:55:45.439 Disk 0 MBR read successfully
    21:55:45.439 Disk 0 MBR scan
    21:55:45.501 Disk 0 unknown MBR code
    21:55:45.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 238472 MB offset 63
    21:55:45.532 Disk 0 scanning sectors +488392065
    21:55:45.642 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:55:45.657 Service scanning
    21:56:28.354 Modules scanning
    21:56:28.557 Disk 0 trace - called modules:
    21:56:28.573 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
    21:56:28.573 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adfbab8]
    21:56:28.573 3 CLASSPNP.SYS[b98f8fd7] -> nt!IofCallDriver -> [0x8ad32bf8]
    21:56:28.573 5 stdcfltn.sys[b9cc9896] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8adec028]
    21:56:29.635 AVAST engine scan C:\WINDOWS
    21:56:29.698 AVAST engine scan C:\WINDOWS\system32
    21:56:29.807 AVAST engine scan C:\WINDOWS\system32\drivers
    21:56:29.885 AVAST engine scan C:\Documents and Settings\qu54112
    21:56:29.948 AVAST engine scan C:\Documents and Settings\All Users
    21:56:29.948 Scan finished successfully
    21:56:57.069 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\qu54112\Desktop\MBR.dat"
    21:56:57.069 The log file has been saved successfully to "C:\Documents and Settings\qu54112\Desktop\aswMBR.txt"

  6. Broni


    Please do NOT change font in your replies.

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  7. Boscoe


    ComboFix 12-09-26.02 - QU54112 09/26/2012 14:37:25.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2606 [GMT -4:00]
    Running from: c:\documents and settings\qu54112\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
    C:\Install.exe
    c:\windows\$NtUninstallKB31108$
    c:\windows\$NtUninstallKB31108$\1887111679\@
    c:\windows\$NtUninstallKB31108$\1887111679\cfg.ini
    c:\windows\$NtUninstallKB31108$\1887111679\Desktop.ini
    c:\windows\$NtUninstallKB31108$\1887111679\L\diweszan
    c:\windows\$NtUninstallKB31108$\1887111679\U\00000001.@
    c:\windows\$NtUninstallKB31108$\1887111679\U\00000002.@
    c:\windows\$NtUninstallKB31108$\1887111679\U\00000004.@
    c:\windows\$NtUninstallKB31108$\1887111679\U\80000000.@
    c:\windows\$NtUninstallKB31108$\1887111679\U\80000004.@
    c:\windows\$NtUninstallKB31108$\1887111679\U\80000032.@
    c:\windows\$NtUninstallKB31108$\1887111679\version
    c:\windows\$NtUninstallKB31108$\3413047790
    c:\windows\EventSystem.log
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\SET354.tmp
    c:\windows\system32\SET355.tmp
    c:\windows\system32\SET35F.tmp
    c:\windows\system32\SET363.tmp
    c:\windows\system32\SET364.tmp
    c:\windows\system32\SET365.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-26 00:21 . 2012-09-26 00:21 -------- d-----w- c:\documents and settings\qu54112\Application Data\Malwarebytes
    2012-09-26 00:20 . 2012-09-26 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-26 00:20 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-13 14:35 . 2012-05-01 12:48 109056 ----a-w- c:\windows\system32\EPUICpl.cpl
    2012-09-13 14:34 . 2012-05-01 13:30 139504 ----a-w- c:\windows\system32\eps.sys
    2012-09-13 14:34 . 2012-05-01 13:30 139504 ----a-w- c:\windows\system32\drivers\eps.sys
    2012-09-13 14:33 . 2012-09-13 14:42 -------- d-----w- c:\program files\Lumension
    2012-09-13 14:33 . 2012-09-13 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lumension
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-29 00:24 . 2012-05-16 13:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-29 00:24 . 2010-08-19 19:45 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-28 22:39 . 2012-05-16 13:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-22 12:13 . 2012-05-08 10:16 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-22 12:13 . 2011-10-04 21:42 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58 . 2008-04-13 23:00 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2010-08-19 17:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-10-16 20:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2011-05-09 19:04 1056888 ----a-w- c:\windows\system32\PGPfsshl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-10-16 20:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
    "PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2012-08-16 407632]
    "PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2012-08-16 368720]
    "Akamai NetSession Interface"="c:\documents and settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntellisyncLotus"="/J" [X]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-07 536668]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-04 142360]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-04 176152]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-04 145944]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
    "FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-12-27 2879488]
    "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120]
    "NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-10-07 1086760]
    "SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2010-02-25 226672]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
    "EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\documents and settings\qu54112\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-6 1469296]
    GRIP Desktop.lnk - c:\windows\Installer\{58D3349D-849E-4215-870E-66349CEC47F9}\_188652DA885AB9DE3230E7.exe [2011-12-6 3638]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuEjectPC"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= 386.exe
    "2"= chrome.exe
    "3"= ChromeSetup.exe
    "4"= Elite.exe
    "5"= Explorer32.exe
    "6"= googledesktop.exe
    "7"= usb.exe
    "8"= usb32.exe
    "9"= windrvl32.exe
    "10"= winshost.exe
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2010-09-15 15:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    Notification Packages REG_MULTI_SZ scecli PGPpwflt
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-113007714-1801674531-102151\Scripts\Logon\0\0]
    "Script"=\\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eps.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Avaya\\Avaya one-X Communicator\\SparkEmulator.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    "1399:TCP"= 1399:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [6/29/2010 2:56 PM 218112]
    R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [6/29/2010 2:56 PM 48140]
    R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [6/29/2010 2:56 PM 204800]
    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/29/2010 2:56 PM 187960]
    R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [6/29/2010 2:56 PM 19200]
    R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [5/9/2011 3:04 PM 136824]
    R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [5/9/2011 3:04 PM 13432]
    R0 sisraid4;sisraid4;c:\windows\system32\drivers\sisraid4.sys [6/29/2010 2:56 PM 63872]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [7/7/2011 7:06 AM 17648]
    R1 EPS;EPS;c:\windows\system32\drivers\eps.sys [9/13/2012 10:34 AM 139504]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/24/2011 5:30 PM 89624]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [10/25/2010 8:33 AM 826272]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [10/25/2010 8:33 AM 32160]
    R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [1/6/2011 11:56 AM 378224]
    R2 DDM Usage Monitoring;DDM Usage Monitoring;c:\svctools\pkg\SLM-Usage\eSMARTUM.exe [7/15/2011 1:14 PM 52224]
    R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
    R2 LEMSS Agent;LEMSS Agent;c:\program files\Lumension\LEMSSAgent\LMAgent.exe [5/1/2012 9:29 AM 467280]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/12/2011 12:48 PM 324928]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [8/31/2011 8:07 PM 22816]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/14/2011 5:34 PM 148520]
    R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [8/20/2010 2:55 PM 263536]
    R2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [5/9/2011 3:04 PM 166520]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7/7/2011 9:00 AM 2656280]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [7/7/2011 8:34 AM 43888]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/7/2011 7:04 AM 113664]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [7/7/2011 8:23 AM 33832]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [7/7/2011 7:04 AM 174248]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/7/2011 7:04 AM 260864]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [7/7/2011 7:04 AM 41088]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfvst.sys [7/7/2011 7:04 AM 60904]
    R3 Patch Agent;Patch Agent;c:\program files\Lumension\Patch Agent\GravitixService.exe [9/20/2011 5:23 PM 95584]
    S0 cerc6;cerc6; [x]
    S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
    S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [7/26/2011 1:25 PM 98984]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/8/2012 6:16 AM 250568]
    S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [11/4/2011 1:18 PM 352256]
    S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [11/4/2011 1:18 PM 33792]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys --> c:\windows\system32\DRIVERS\e1y5132.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/14/2011 5:34 PM 87808]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MSTAPE
    snapman380
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 12:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uWindow Title = Microsoft Internet Explorer provided by Newell-Rubbermaid
    uStart Page = hxxp://www-I.nwlconnect.com/
    uDefault_Page_URL = hxxp://www-I.nwlconnect.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: c:\windows\system32\PGPlsp.dll
    Trusted Zone: appreciatehub.com
    Trusted Zone: btslearning.com\www
    Trusted Zone: Contentserver.elementh.com
    Trusted Zone: Dell.com
    Trusted Zone: my-totalrewards.com
    Trusted Zone: newellco.com
    Trusted Zone: newellcotraining.com
    Trusted Zone: octanner.com\*.recognition
    Trusted Zone: outlook.com
    Trusted Zone: retireonline.com\www
    Trusted Zone: scorm.com
    Trusted Zone: Staples.com
    Trusted Zone: staplesadvantage.com
    Trusted Zone: taleo.net
    Trusted Zone: unisourcelink.com
    Trusted Zone: workforcehosting.com
    TCP: DhcpNameServer = 10.5.153.22 10.5.153.23
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
    DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab
    DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://mqc.sap.newellco.com:8080/qcbin/Spider10.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-msbui - (no file)
    HKLM-Run-wpcof - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-26 14:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1656)
    c:\program files\Common Files\SPBA\homefus2.dll
    c:\program files\Common Files\SPBA\infql2.dll
    c:\program files\Common Files\SPBA\homepass.dll
    c:\program files\Common Files\SPBA\bio.dll
    c:\program files\Common Files\SPBA\qlbase.dll
    c:\program files\Common Files\SPBA\vtapipql.dll
    .
    - - - - - - - > 'lsass.exe'(1712)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\PGPlsp.dll
    .
    - - - - - - - > 'explorer.exe'(5200)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    c:\windows\System32\PGPfsshl.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\IDT\WDM\stacsv.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\windows\system32\dleacoms.exe
    c:\windows\SYSTEM32\DNTUS26.EXE
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\program files\Avaya\Avaya one-X Communicator\QosServM.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\system32\PGPserv.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lumension\LEMSSAgent\epui\epui.exe
    c:\program files\Lumension\Patch Agent\pddm.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\program files\WebEx\Productivity Tools\ptSrv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lumension\Patch Agent\DAGENT.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-09-26 14:58:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-26 18:57
    .
    Pre-Run: 158,742,073,344 bytes free
    Post-Run: 159,599,824,896 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - A3AF2988627D85C577FB04D8FCD8CC3D
  8. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Looks good :)

    Any current issues?

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Boscoe

    Boscoe Newcomer, in training Topic Starter

    Things seem to be working
    OTL logfile created on: 9/26/2012 3:08:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\qu54112\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.16 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 74.30% Memory free
    5.00 Gb Paging File | 4.31 Gb Available in Paging File | 86.12% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 148.67 Gb Free Space | 63.84% Space Free | Partition Type: NTFS
    Drive H: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
    Drive S: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS

    Computer Name: NC-ATL14010 | User Name: QU54112 | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/26 15:06:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe
    PRC - [2012/08/16 13:08:40 | 000,097,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
    PRC - [2012/08/16 13:08:38 | 000,368,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
    PRC - [2012/08/16 13:08:37 | 000,407,632 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
    PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/05/01 09:29:46 | 000,191,304 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\LEMSSAgent\EPUI\EPUI.exe
    PRC - [2012/05/01 09:29:28 | 000,467,280 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe
    PRC - [2012/04/12 18:51:46 | 000,683,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe
    PRC - [2011/09/20 17:23:46 | 000,439,648 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\Patch Agent\pddm.exe
    PRC - [2011/09/20 17:23:42 | 000,095,584 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\Patch Agent\GravitixService.exe
    PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011/08/31 20:07:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2011/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2011/08/31 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    PRC - [2011/05/10 20:07:00 | 000,150,032 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2011/05/09 15:04:44 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
    PRC - [2011/05/09 15:04:44 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
    PRC - [2011/01/06 21:32:52 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2011/01/06 21:32:52 | 000,266,322 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2011/01/06 12:00:18 | 001,469,296 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
    PRC - [2011/01/06 11:56:30 | 000,378,224 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    PRC - [2011/01/05 10:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2010/12/22 15:53:06 | 000,081,920 | ---- | M] (Jordan Lawrence Group) -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe
    PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    PRC - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/12/03 17:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 17:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/09 23:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2010/10/25 08:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    PRC - [2010/10/25 08:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2010/07/07 15:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2010/05/31 16:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2010/02/25 08:04:00 | 000,263,536 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
    PRC - [2010/02/25 08:04:00 | 000,226,672 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
    PRC - [2010/02/10 19:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
    PRC - [2009/10/07 05:12:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
    PRC - [2009/07/10 10:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
    PRC - [2009/07/10 10:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
    PRC - [2009/07/07 04:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2009/07/01 09:13:31 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\system32\dleacoms.exe
    PRC - [2009/03/12 05:00:26 | 000,233,472 | ---- | M] (AVAYA Communication) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
    PRC - [2008/07/23 18:36:20 | 000,114,688 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DNTUS26.EXE
    PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/15 13:33:41 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
    MOD - [2012/06/15 13:33:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
    MOD - [2012/06/14 15:22:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 15:22:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
    MOD - [2012/05/11 08:31:18 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/11 08:28:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
    MOD - [2012/05/11 08:28:02 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
    MOD - [2012/05/11 08:27:50 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
    MOD - [2012/05/11 08:27:28 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/11 08:27:21 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
    MOD - [2012/05/11 08:15:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/11 08:13:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/11 08:12:50 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/05/01 08:45:04 | 000,072,192 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\tinyxml.dll
    MOD - [2012/05/01 08:44:10 | 000,111,616 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\pugixml-vc90-32.dll
    MOD - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
    MOD - [2011/02/04 13:17:20 | 000,111,616 | R--- | M] () -- C:\Program Files\Lumension\LEMSSAgent\EPUI\pugixml-vc90-32.dll
    MOD - [2010/12/27 18:23:16 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2010/12/27 18:23:05 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2010/12/22 15:53:04 | 000,053,760 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Desktop.Business.dll
    MOD - [2010/12/22 15:53:04 | 000,023,040 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Core.dll
    MOD - [2010/12/22 15:53:04 | 000,018,944 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Desktop.UI.dll
    MOD - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/02/22 10:16:06 | 000,839,680 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\EPUI\js3250.dll
    MOD - [2009/07/10 10:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
    MOD - [2009/07/10 10:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
    MOD - [2009/06/22 09:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
    MOD - [2009/06/22 09:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
    MOD - [2009/06/22 09:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
    MOD - [2009/06/22 09:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
    MOD - [2009/06/22 09:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
    MOD - [2009/06/22 09:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
    MOD - [2009/06/22 09:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
    MOD - [2009/06/22 09:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
    MOD - [2009/06/19 04:58:00 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleadrpp.dll
    MOD - [2009/05/29 10:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
    MOD - [2009/05/29 10:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
    MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleadatr.dll
    MOD - [2009/05/26 16:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
    MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
    MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
    MOD - [2009/03/05 13:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
    MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
    MOD - [2009/02/20 04:50:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\DLEAsmr.dll
    MOD - [2009/02/20 04:49:37 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\DLEAsm.dll
    MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
    MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    MOD - [2007/04/03 16:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2003/02/25 17:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent4.dll -- (MSTAPE)
    SRV - [2012/08/22 08:14:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/01 09:29:28 | 000,467,280 | ---- | M] (Lumension Security, Inc.) [Auto | Running] -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe -- (LEMSS Agent)
    SRV - [2012/04/12 18:51:46 | 000,683,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () [Auto | Running] -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe -- (DDM Usage Monitoring)
    SRV - [2011/09/20 17:23:42 | 000,095,584 | ---- | M] (Lumension Security, Inc.) [On_Demand | Running] -- C:\Program Files\Lumension\Patch Agent\GravitixService.exe -- (Patch Agent)
    SRV - [2011/08/31 20:07:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2011/08/31 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
    SRV - [2011/05/10 20:07:00 | 000,150,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2011/05/09 15:04:44 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
    SRV - [2011/05/09 15:04:44 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
    SRV - [2011/01/06 21:32:52 | 000,266,322 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2011/01/06 11:56:30 | 000,378,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV - [2010/12/03 17:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 17:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV - [2010/10/25 08:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV - [2010/10/25 08:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/02/25 08:04:00 | 000,263,536 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
    SRV - [2010/02/10 19:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
    SRV - [2009/07/01 09:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dleacoms.exe -- (dlea_device)
    SRV - [2009/07/01 09:13:25 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
    SRV - [2009/03/12 05:00:26 | 000,233,472 | ---- | M] (AVAYA Communication) [Auto | Running] -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe -- (iClarityQoSService)
    SRV - [2008/07/23 18:36:20 | 000,114,688 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\system32\DNTUS26.EXE -- (DNTUS26)
    SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\vmscsi.sys -- (vmscsi)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\qu54112\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1y5132.sys -- (e1yexpress)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/05/01 09:30:34 | 000,139,504 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eps.sys -- (EPS)
    DRV - [2012/04/12 18:28:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2011/08/31 20:07:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/08/31 20:07:00 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/08/31 20:07:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/08/31 20:07:00 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/08/31 20:07:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/08/31 20:07:00 | 000,065,960 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2011/08/31 20:07:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/07/15 13:14:50 | 000,006,757 | ---- | M] () [Kernel | On_Demand | Running] -- c:\SvcTools\pkg\SLM-Usage\ProcObsrv.sys -- (ProcObsrv)
    DRV - [2011/05/09 15:04:44 | 000,301,688 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
    DRV - [2011/05/09 15:04:44 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
    DRV - [2011/05/09 15:04:44 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
    DRV - [2011/05/09 15:04:44 | 000,013,432 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PGPwdefs.sys -- (Pgpwdefs)
    DRV - [2011/05/09 15:04:42 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PGPfsfd.sys -- (pgpfs)
    DRV - [2011/01/06 21:32:52 | 001,660,451 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2011/01/06 13:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2011/01/04 15:43:38 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdfvst.sys -- (O2MDFRDR)
    DRV - [2010/12/27 18:23:15 | 003,360,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2010/12/27 18:23:14 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
    DRV - [2010/12/13 09:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
    DRV - [2010/10/19 13:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
    DRV - [2010/10/15 04:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
    DRV - [2010/10/13 17:39:04 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
    DRV - [2010/08/24 14:46:00 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stdcfltn.sys -- (stdcfltn)
    DRV - [2009/10/06 09:49:48 | 000,187,960 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
    DRV - [2009/06/03 10:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2009/05/21 05:48:10 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2009/04/22 00:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2008/07/30 17:20:30 | 000,352,256 | R--- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
    DRV - [2008/07/30 17:20:30 | 000,033,792 | R--- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
    DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
    DRV - [2007/12/19 19:25:40 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2007/09/07 01:18:46 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
    DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/05/17 20:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aarich.sys -- (aarich)
    DRV - [2005/02/17 22:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
    DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2004/04/07 16:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac)
    DRV - [2003/04/28 10:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www-I.nwlconnect.com/
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes,DefaultScope = {7E8AFCFE-AEB1-4939-AAD1-DCEFFD25C6FB}
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{480F1D9C-C4E5-4A10-8E0C-9CBB98E58E55}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{526EC8C4-28E3-4E55-B762-F526B7B4FD13}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{7AAB69DC-4632-40D8-B0D0-15DD096D42B4}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{7E8AFCFE-AEB1-4939-AAD1-DCEFFD25C6FB}: "URL" = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7ADFA_enUS452
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{894B46F1-DC47-44E5-8407-8D8931330F5C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{9D191F83-C8D9-402A-9175-D30281C31649}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{C2DA2625-5188-44FB-B286-504D7CEC3A83}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2012/01/18 11:05:44 | 000,000,000 | ---D | M]
  10. Boscoe

    Boscoe Newcomer, in training Topic Starter

    O1 HOSTS File: ([2012/09/26 14:51:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
    O3 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O3 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
    O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntellisyncLotus] " /J File not found
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [Akamai NetSession Interface] C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
    O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GRIP Desktop.lnk = C:\WINDOWS\Installer\{58D3349D-849E-4215-870E-66349CEC47F9}\_188652DA885AB9DE3230E7.exe ()
    O4 - Startup: C:\Documents and Settings\qu54112\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = 386.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = chrome.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = ChromeSetup.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = Elite.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = Explorer32.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = googledesktop.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = usb.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = usb32.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = windrvl32.exe
    O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = winshost.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: btslearning.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Contentserver.elementh.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Dell.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: my-totalrewards.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsubpm1 ([]https in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsxm01 ([]https in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] * in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellcotraining.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: octanner.com ([*.recognition] * in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: outlook.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: retireonline.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: scorm.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Staples.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: staplesadvantage.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: unisourcelink.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: workforcehosting.com ([]https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://mqc.sap.newellco.com:8080/qcbin/capicom.dll (Certificates Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282248966734 (MUWebControl Class)
    O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.weightwatchers.com/Scripts/ImageUploader6.cab (Image Uploader Control)
    O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://newell.webex.com/client/upgradeserver/client/ptool/T27L10NSP11_ASRRLS6-4838/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} http://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab (ALM Platfrom Loader v11)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bond.newellco.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} http://mqc.sap.newellco.com:8080/qcbin/Spider10.cab (Loader Class v5)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.153.22 10.5.153.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nr.ad.newellco.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D8C993-1EFD-45F3-BA04-5EF873521FF3}: DhcpNameServer = 10.5.153.22 10.5.153.23
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
    O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\qu54112\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\qu54112\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/19 13:57:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/26 15:06:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe
    [2012/09/26 14:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2012/09/26 14:24:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/09/26 14:22:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/09/26 14:22:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/09/26 14:22:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/09/26 14:22:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/09/26 14:21:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/26 14:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/09/26 14:11:25 | 004,757,076 | R--- | C] (Swearware) -- C:\Documents and Settings\qu54112\Desktop\ComboFix.exe
    [2012/09/25 21:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\qu54112\Desktop\VirusRemoval
    [2012/09/25 20:58:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\qu54112\Start Menu\Programs\Administrative Tools
    [2012/09/25 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\qu54112\Application Data\Malwarebytes
    [2012/09/25 20:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/25 20:20:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/09/25 20:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/13 10:35:08 | 000,109,056 | ---- | C] (Lumension) -- C:\WINDOWS\System32\EPUICpl.cpl
    [2012/09/13 10:34:52 | 000,139,504 | ---- | C] (Lumension Security, Inc.) -- C:\WINDOWS\System32\eps.sys
    [2012/09/13 10:34:51 | 000,139,504 | ---- | C] (Lumension Security, Inc.) -- C:\WINDOWS\System32\drivers\eps.sys
    [2012/09/13 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lumension
    [2012/09/13 10:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lumension
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/26 15:06:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe
    [2012/09/26 14:54:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/26 14:53:24 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GRIP Desktop.lnk
    [2012/09/26 14:51:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/09/26 14:51:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/26 14:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/26 14:50:23 | 3398,426,624 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/26 14:25:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/09/26 14:11:36 | 004,757,076 | R--- | M] (Swearware) -- C:\Documents and Settings\qu54112\Desktop\ComboFix.exe
    [2012/09/25 21:56:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\qu54112\Desktop\MBR.dat
    [2012/09/24 20:00:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/09/24 16:06:31 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\qu54112\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/09/22 18:36:31 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
    [2012/09/22 18:36:20 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
    [2012/09/17 14:49:38 | 001,357,305 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\OTC200BR_Exercise_2.udc
    [2012/09/17 14:46:57 | 001,357,264 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\OTC250BR_Exercise_2.udc
    [2012/09/17 10:52:07 | 000,022,732 | RHS- | M] () -- C:\Documents and Settings\qu54112\ntuser.pol
    [2012/09/15 14:58:34 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\qu54112\Desktop\Shortcut to COMM215.lnk
    [2012/09/14 09:40:01 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/09/07 11:05:45 | 000,000,216 | ---- | M] () -- C:\WINDOWS\NkMEdit.INI
    [2012/09/05 16:53:23 | 001,196,544 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VT03N.udc
    [2012/09/05 16:00:47 | 001,269,448 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VL06T.udc
    [2012/08/30 17:39:44 | 000,019,365 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/26 14:25:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/09/26 14:25:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/09/26 14:22:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/09/26 14:22:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/09/26 14:22:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/09/26 14:22:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/09/26 14:22:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/09/25 21:56:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\qu54112\Desktop\MBR.dat
    [2012/09/17 14:48:24 | 001,357,305 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\OTC200BR_Exercise_2.udc
    [2012/09/17 13:45:54 | 001,357,264 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\OTC250BR_Exercise_2.udc
    [2012/09/15 14:58:34 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\qu54112\Desktop\Shortcut to COMM215.lnk
    [2012/09/07 11:05:45 | 000,000,216 | ---- | C] () -- C:\WINDOWS\NkMEdit.INI
    [2012/09/05 16:05:20 | 001,196,544 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VT03N.udc
    [2012/09/05 14:50:02 | 001,269,448 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VL06T.udc
    [2012/06/07 00:58:11 | 001,186,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/05/18 14:58:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2012/02/16 15:19:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/30 08:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/22 10:03:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/28 07:22:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sapshortcut.ini
    [2011/08/26 16:46:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sounds
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sound Effects
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\Smooth Strings
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\SingleFiles
    [2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\Services
    [2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
    [2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
    [2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
    [2011/08/01 23:29:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2011/07/26 23:10:43 | 000,292,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-113007714-1801674531-102151-0.dat
    [2011/07/26 23:10:42 | 000,292,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/07/26 13:25:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
    [2011/07/26 13:25:11 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
    [2011/07/26 13:25:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
    [2011/07/26 13:25:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
    [2011/07/26 13:25:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
    [2011/07/26 13:24:24 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
    [2011/07/26 13:24:24 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
    [2011/07/26 13:23:15 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
    [2011/07/26 13:23:15 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
    [2011/07/26 13:23:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
    [2011/07/26 13:23:14 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
    [2011/07/26 13:23:14 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
    [2011/07/26 13:23:14 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
    [2011/07/26 13:23:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
    [2011/07/26 13:23:13 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
    [2011/07/26 13:23:13 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
    [2011/07/26 13:23:13 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
    [2011/07/26 13:23:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
    [2011/07/26 13:23:13 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
    [2011/07/26 13:23:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
    [2011/07/26 13:23:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
    [2011/07/26 13:23:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
    [2011/07/26 13:23:12 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
    [2011/07/26 13:23:12 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
    [2011/07/26 13:23:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
  11. Boscoe

    [2011/07/26 13:23:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
    [2011/07/26 13:23:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
    [2011/07/26 13:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
    [2011/07/26 13:23:11 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
    [2011/07/26 13:23:11 | 000,086,118 | ---- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
    [2011/07/26 13:16:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
    [2011/07/26 13:16:48 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
    [2011/07/23 16:12:56 | 000,065,336 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/07/08 12:33:45 | 000,000,255 | ---- | C] () -- C:\WINDOWS\mercury.ini
    [2011/07/08 07:02:35 | 000,022,732 | RHS- | C] () -- C:\Documents and Settings\qu54112\ntuser.pol
    [2011/07/07 10:58:31 | 000,019,365 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/07/07 09:03:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2011/07/07 09:01:19 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2011/07/07 09:01:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2011/07/07 09:01:19 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2011/07/07 09:00:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
    [2011/07/07 08:23:47 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2011/07/07 08:23:06 | 000,205,192 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
    [2011/07/07 08:23:05 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
    [2011/07/07 07:04:59 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2011/07/07 07:04:58 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2011/07/07 07:04:58 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2011/07/07 07:04:58 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2011/07/07 07:04:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2011/07/07 06:54:21 | 000,000,264 | ---- | C] () -- C:\WINDOWS\WMIInfo.ini
    [2011/07/07 06:53:02 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ProcessorDetector.ini
    [2011/05/24 12:18:10 | 000,004,231 | ---- | C] () -- C:\WINDOWS\HARDTACK.INI
    [2011/05/24 12:17:47 | 000,000,252 | ---- | C] () -- C:\WINDOWS\IB.ini
    [2011/05/20 11:50:29 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
    [2011/05/20 11:50:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
    [2011/05/20 11:50:28 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
    [2011/05/20 11:50:28 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
    [2011/05/20 11:50:28 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
    [2011/05/09 15:04:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
    [2010/10/01 15:56:28 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll
    [2010/10/01 15:56:28 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll
    [2010/10/01 15:56:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll
    [2010/10/01 15:56:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll
    [2010/10/01 15:56:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll
    [2010/10/01 15:56:20 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
    [2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
    [2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
    [2010/10/01 15:56:16 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
    [2010/10/01 15:56:14 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
    [2010/10/01 15:56:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
    [2010/10/01 15:56:10 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
    [2010/10/01 15:56:10 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
    [2010/10/01 15:56:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
    [2010/10/01 15:56:06 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2010/10/01 15:56:06 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2010/10/01 15:56:04 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
    [2010/10/01 15:56:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2010/10/01 15:56:00 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2010/10/01 15:56:00 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
    [2010/10/01 15:55:58 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
    [2010/10/01 15:55:56 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
    [2010/10/01 15:55:56 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2010/10/01 15:55:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2010/10/01 15:55:52 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2010/10/01 15:55:50 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2010/10/01 15:55:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2010/10/01 15:55:46 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2010/10/01 15:55:44 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
    [2010/09/30 08:49:10 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll

    ========== ZeroAccess Check ==========

    [2010/08/19 16:03:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 08:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/20 15:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avaya Modular Messaging
    [2012/04/29 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\B7E858A7000BD0CF012726D5D151FC4E
    [2012/05/16 17:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2011/07/07 08:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
    [2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/07/07 11:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
    [2011/07/08 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2012/09/13 10:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lumension
    [2012/01/21 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2011/08/28 21:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2011/07/07 08:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2011/12/07 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
    [2012/01/16 05:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatusSheet
    [2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
    [2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
    [2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/07/07 08:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2011/07/08 10:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2011/07/15 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Avaya
    [2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Avaya Modular Messaging
    [2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Jolly Giant Software
    [2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Uniblue
    [2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
    [2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Search
    [2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Avaya
    [2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Avaya Modular Messaging
    [2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Jolly Giant Software
    [2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Uniblue
    [2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Windows Desktop Search
    [2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Windows Search
    [2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Avaya
    [2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Avaya Modular Messaging
    [2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Jolly Giant Software
    [2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Uniblue
    [2011/07/07 08:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Wave Systems Corp
    [2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Windows Desktop Search
    [2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Windows Search
    [2012/01/30 07:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Avaya
    [2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Avaya Modular Messaging
    [2011/10/13 21:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\com.Shutterfly.ExpressUploader
    [2012/04/24 03:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\DTV
    [2011/07/26 12:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\GARMIN
    [2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Jolly Giant Software
    [2012/07/09 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Juniper Networks
    [2012/05/24 13:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Leadertech
    [2012/07/14 11:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Musicnotes
    [2011/08/26 16:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Nikon
    [2011/12/07 10:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\PGP Corporation
    [2012/01/16 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Research In Motion
    [2011/09/27 03:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\RWD
    [2012/02/29 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\SAP
    [2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Uniblue
    [2012/08/15 09:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\WebEx
    [2012/05/08 12:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Windows Desktop Search
    [2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 9/26/2012 3:08:08 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\qu54112\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.16 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 74.30% Memory free
    5.00 Gb Paging File | 4.31 Gb Available in Paging File | 86.12% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 148.67 Gb Free Space | 63.84% Space Free | Partition Type: NTFS
    Drive H: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
    Drive S: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS

    Computer Name: NC-ATL14010 | User Name: QU54112 | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "1132:TCP" = 1132:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "1399:TCP" = 1399:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\QWS3270 PLUS\QWS3270p.exe" = C:\Program Files\QWS3270 PLUS\QWS3270p.exe:*:Enabled:QWS3270 PLUS -- (Jolly Giant Software Inc.)
    "C:\Program Files\QWS3270 PLUS\lpd.exe" = C:\Program Files\QWS3270 PLUS\lpd.exe:*:Enabled:JGS Line Printer Daemon -- (Jolly Giant Software Inc.)
    "C:\Program Files\QWS3270 PLUS\AutoUpdt.exe" = C:\Program Files\QWS3270 PLUS\AutoUpdt.exe:*:Enabled:JGS Automatic Update Utility -- (Jolly Giant Software Inc.)
    "C:\Program Files\QWS3270 PLUS\QWS3287p.exe" = C:\Program Files\QWS3270 PLUS\QWS3287p.exe:*:Enabled:QWS3287 Printer -- (Jolly Giant Software Inc.)
    "C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
    "C:\WINDOWS\system32\dleacoms.exe" = C:\WINDOWS\system32\dleacoms.exe:*:Enabled:V310-V510 Series Server -- ( )
    "C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)
    "C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe" = C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe:*:Enabled:Spark Endpoint Emulator R1.1 (14) -- (Avaya, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     
  12. Boscoe

    Boscoe Newcomer, in training Topic Starter

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00FC3F65-86EB-475E-881F-A5B1CF731320}" = McAfee SiteAdvisor Enterprise Plus
    "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
    "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13AD702E-412D-43CE-8D63-C8B1AA06310D}" = RWD uPerform Client
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{1ACE4833-28F0-45BB-ACA2-4D3FF8646421}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{20EB202D-6D74-49AC-8785-C80342911940}" = LM Agent
    "{242F338C-1DCE-4282-9E83-AE1DDA4C3FB2}" = Program Files
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
    "{2833FCFE-3D65-4FB4-AB62-17937B57163E}" = Avaya one-X Communicator
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
    "{397F4DE2-3C5A-415C-9A36-1D8C2B30B92D}" = McAfee Agent
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
    "{45408D2E-180E-4F84-BBB1-E95090B06A1C}" = Dell Image Preparation Tool
    "{48E3B002-74C0-48A6-A463-85C0F96E2D7E}" = WebEx Productivity Tools
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
    "{542DC8F4-C0E1-4129-962C-49F2333B497A}" = NRAtlanta-DDM8
    "{58D3349D-849E-4215-870E-66349CEC47F9}" = GRIP Desktop
    "{5B094D3F-FAAF-454B-BA90-6230248E0743}" = QWS3270 PLUS 4.2
    "{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
    "{6315D12F-EEB9-4F45-95A1-D543E810A925}" = MM Client
    "{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{694226CF-FBE2-4015-865C-17703E06B312}" = Font - Trade Gothic 6.03-B
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BA5CB2D-F497-4AB6-8206-C24A7D67750F}" = PGP Desktop
    "{7D487E97-6D60-4DCD-9B6D-A400D4069992}" = Dell Data Protection | Access | Prerequisites
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{83F46219-7837-41A4-A84D-5F9E5159FA48}" =
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{93327046-571E-4CA5-950A-9669FB47A949}" = CyberSafe TrustBroker Secure Client for Workstations
    "{963FC8D7-91F9-4AB2-B580-B6E2F74F97A7}" = Lumension Patch Agent for Windows
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
    "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
    "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
    "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
    "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E3142E10-4734-4425-A0CB-4CDFB436FF20}" = Dell System Manager
    "{E40A8BEF-FD8B-48A4-9463-2FD7C4082F76}" = FormsWizard
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
    "{FBF81222-8404-4FCF-B76A-7CFAD7BB1451}" = PC CCID
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFFE5DAD-27EF-40C8-9C13-546224F9A2D3}" = Dell ControlVault Host Components Installer
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Audacity_is1" = Audacity 1.2.6
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Dell V310-V510 Series" = Dell V310-V510 Series
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "energyXT_is1" = energyXT2.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
    "Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
    "Juniper Network Connect 7.2.0" = Juniper Networks Network Connect 7.2.0
    "LMAgent" = LM Agent
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.6.0
    "Musicnotes Player_is1" = Musicnotes Player V1.31.6 and Viewer V1.19.0
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "Picasa 3" = Picasa 3
    "SAP_ECL" = ECL Viewer
    "SAP_WUS" = SAPSetup Automatic Workstation Update Service
    "SAPBI" = SAP Business Explorer
    "SAPGUI710" = SAP GUI for Windows 7.20
    "USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/26/2012 2:33:14 PM | Computer Name = NC-ATL14010 | Source = Application Error | ID = 1000
    Description = Faulting application rmbr.3xe, version 0.0.0.0, faulting module ntdll.dll,
    version 5.1.2600.6055, fault address 0x00002128.

    Error - 9/26/2012 2:35:00 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/26/2012 2:35:00 PM | Computer Name = NC-ATL14010 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 9/26/2012 2:35:03 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/26/2012 2:35:31 PM | Computer Name = NC-ATL14010 | Source = UserInit | ID = 1000
    Description = Could not execute the following script \\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs.
    The network location cannot be reached. For information about network troubleshooting,
    see Windows Help. .

    Error - 9/26/2012 2:37:26 PM | Computer Name = NC-ATL14010 | Source = McLogEvent | ID = 259
    Description = The file C:\Documents and Settings\qu54112\Local Settings\Temp\Av-test.txt
    contains the EICAR test file Test. No cleaner available, file deleted successfully.
    Detected using Scan engine version 5400.1158 DAT version 6847.0000.

    Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 9/26/2012 2:50:32 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 9/26/2012 2:51:05 PM | Computer Name = NC-ATL14010 | Source = UserInit | ID = 1000
    Description = Could not execute the following script \\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs.
    The network location cannot be reached. For information about network troubleshooting,
    see Windows Help. .

    [ Lumension Events ]
    Error - 9/24/2012 12:02:33 PM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
    Description = Error uploading inventory results - error code = -20

    Error - 9/25/2012 8:21:49 AM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
    Description = Error uploading inventory results - error code = -20

    Error - 9/25/2012 6:29:36 PM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
    Description = Error uploading inventory results - error code = -20

    Error - 9/26/2012 9:17:01 AM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
    Description = Error occurred posting detection to PLUS (incremental diff) -
    error code = -30 error msg = 'Error: Invalid CheckSum'

    [ System Events ]
    Error - 9/26/2012 2:36:05 PM | Computer Name = NC-ATL14010 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 9/26/2012 2:36:46 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
    Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

    Error - 9/26/2012 2:37:20 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
    Description = The DW WLAN Tray Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/26/2012 2:37:20 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
    Description = The DDM Usage Monitoring service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain NRADNEWELLCO due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7009
    Description = Timeout (300000 milliseconds) waiting for the dleaCATSCustConnectService
    service to connect.

    Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7000
    Description = The dleaCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7023
    Description = The Wtcls2k service terminated with the following error: %%126

    Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    vmscsi

    Error - 9/26/2012 2:51:41 PM | Computer Name = NC-ATL14010 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.


    < End of report >
  13. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    I asked before....
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: btslearning.com ([www] http in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Contentserver.elementh.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Dell.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: my-totalrewards.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsubpm1 ([]https in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsxm01 ([]https in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] * in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] http in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellcotraining.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]* in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: octanner.com ([*.recognition] * in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: outlook.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: retireonline.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: scorm.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Staples.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: staplesadvantage.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: unisourcelink.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: workforcehosting.com ([]https in Trusted sites)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
      [2010/08/19 16:03:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 08:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
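The O15 lines in the fix above are OTL's rendering of Internet Explorer's ZoneMap: each entry is a domain (optionally a host or wildcard prefix in brackets), a scheme (`http`, `https` or `*`) and the security zone it has been assigned to. Entries placed in Local intranet or Trusted sites run with looser IE settings than the Internet zone, so unexpected domains there are a common hijack indicator, and the fix removes them by deleting the corresponding registry keys. The following PowerShell script is an added example, not part of the thread and not OTL's or Broni's code; the function name `Get-IeZoneMapEntries` is my own, and it assumes the standard ZoneMap registry layout under `HKCU`, with one key per domain, optional subkeys per host prefix, and one DWORD value per scheme holding the zone id.

```powershell
# Added example: audit the IE ZoneMap that OTL reports as O15 entries.
# Zone ids as Internet Explorer uses them (0 = My Computer, 4 = Restricted sites).
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IeZoneMapEntries {
    param(
        # Registry root to audit; HKCU: is the current user's map, which is what the O15 lines show.
        # Per-machine mappings live under the same path in HKLM: when Security_HKLM_only is set.
        [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    )
    # 'Domains' holds ordinary mappings, 'EscDomains' the Enhanced Security Configuration ones.
    foreach ($container in 'Domains', 'EscDomains') {
        $base = Join-Path $Root $container
        if (-not (Test-Path $base)) { continue }
        # Each key under the container is a domain (e.g. newellco.com); an optional subkey
        # is the host or wildcard prefix OTL prints in brackets (e.g. [*.nr.ad], [www]).
        foreach ($domainKey in Get-ChildItem $base) {
            $keys = @($domainKey) + @(Get-ChildItem $domainKey.PSPath)
            foreach ($k in $keys) {
                $subdomain = if ($k.PSPath -eq $domainKey.PSPath) { '' } else { $k.PSChildName }
                # Values are named by scheme ('http', 'https', '*') and hold the DWORD zone id.
                foreach ($scheme in $k.GetValueNames()) {
                    $zone = [int]$k.GetValue($scheme)
                    New-Object PSObject -Property @{
                        Container = $container
                        Domain    = $domainKey.PSChildName
                        Subdomain = $subdomain
                        Scheme    = $scheme
                        ZoneId    = $zone
                        Zone      = $ZoneNames[$zone]
                    }
                }
            }
        }
    }
}

# Report only the entries that loosen policy (Local intranet or Trusted sites), the
# same set OTL lists as O15 lines, sorted so they are easy to compare against that list.
Get-IeZoneMapEntries |
    Where-Object { 1, 2 -contains $_.ZoneId } |
    Sort-Object Domain, Subdomain, Scheme |
    Format-Table Domain, Subdomain, Scheme, Zone, Container -AutoSize
```

The script only reads the registry, so it is safe to run before and after a fix to confirm that exactly the intended domains were removed and that legitimate corporate intranet entries (the `newellco.com` and `nwlconnect.com` style mappings in this thread, which a domain-joined machine may receive by group policy) are accounted for. The syntax avoids PowerShell 3.0 features so it also runs on the PowerShell 2.0 that Windows XP supports.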
  14. Boscoe

    Boscoe Newcomer, in training Topic Starter

    I apologize - I did not change my fonts. I did cut and paste them numerous times trying to get them broken into pieces small enough to fit the 50,000 character limit - if the font was changed it was unintentional. I'm sorry.
  15. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Fair enough :)
  16. Boscoe

    Boscoe Newcomer, in training Topic Starter

    Ok, here are the first few files. I was an ***** and got ahead of myself.. I ran the AdwCleaner and it rebooted but then I uninstalled the application before copying the .txt file - I looked for the C:\AdwCleaner[S1].txt but it wasn't there. Do I need to re-install AdwCleaner and do it again?

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\appreciatehub.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\appreciatehub.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\btslearning.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Contentserver.elementh.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Dell.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mynwlconnect.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mynwlconnect.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-totalrewards.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nafepncsubpm1\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nafepncsxm01\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\*.nr.ad\ not found.
    Invalid CLSID key: *.nr.ad
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\*.nr.ad\ not found.
    Invalid CLSID key: *.nr.ad
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellcotraining.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellrubbermaid.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellrubbermaid.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nwlconnect.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nwlconnect.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\octanner.com\*.recognition\ deleted successfully.
    Invalid CLSID key: *.recognition
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\outlook.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\retireonline.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scorm.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Staples.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\staplesadvantage.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taleo.net\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taleo.net\ not found.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unisourcelink.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workforcehosting.com\ deleted successfully.
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    C:\WINDOWS\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56931 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98983 bytes
    ->Flash cache emptied: 343 bytes

    User: my14548
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: nrlaa
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: qu54112
    ->Temp folder emptied: 5318691 bytes
    ->Temporary Internet Files folder emptied: 40146745 bytes
    ->Java cache emptied: 679264 bytes
    ->Flash cache emptied: 57098 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2413727 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 240640 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33775 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1899538 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: my14548
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: nrlaa
    ->Java cache emptied: 0 bytes

    User: qu54112
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: my14548
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: nrlaa
    ->Flash cache emptied: 0 bytes

    User: qu54112
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.68.0 log created on 09262012_183034

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_8f4.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee AntiSpyware Enterprise Module
    McAfee SiteAdvisor Enterprise Plus
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    McAfee VirusScan Enterprise EngineServer.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    McAfee VirusScan Enterprise Mcshield.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 19-09-2012
    Ran by QU54112 (administrator) on 26-09-2012 at 18:41:01
    Running from "C:\Documents and Settings\qu54112\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    DNE(9) Gpc(3) IPSec(5) mfetdi2k(8) mfetdik(8) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
    IpSec Tag value is correct.

    **** End of log ****
  17. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    You're fine :)
  18. Boscoe

    Boscoe Newcomer, in training Topic Starter

    Here is the final log from ESETScan.

    C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll Win32/Kryptik.AJDT.Gen trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{9A1B4DE7-EC31-4E0F-9A3C-DA66AEC0E712}\RP299\A0053242.dll Win32/Kryptik.AJDT.Gen trojan cleaned by deleting - quarantined
  19. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.
  20. Boscoe

    Boscoe Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33685 bytes
    ->Flash cache emptied: 0 bytes

    User: my14548
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: nrlaa
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: qu54112
    ->Temp folder emptied: 37033183 bytes
    ->Temporary Internet Files folder emptied: 39538800 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66543 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 73.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: my14548
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: nrlaa
    ->Flash cache emptied: 0 bytes

    User: qu54112
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: my14548
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: nrlaa
    ->Java cache emptied: 0 bytes

    User: qu54112
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.68.0 log created on 09272012_205805
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\qu54112\Local Settings\Temporary Internet Files\Content.IE5\TKLN00ZZ\bk-static[1].js not found!
    C:\WINDOWS\temp\Perflib_Perfdata_858.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  21. Broni

    Broni Malware Annihilator Posts: 46,177   +251

  22. Boscoe

    Boscoe Newcomer, in training Topic Starter

    Hi Broni,

    First, let me THANK YOU so very much. I greatly appreciate your assistance and the fact that my computer is doing very well. I have not seen any more instances of the ads from google links and have not been getting the "in private" tabs when clicking on links in Microsoft Outlook. So, thank you very much. I am NOT enjoying changing all these passwords - I may be back on here in a few days asking how to get into all my accounts since I can't remember the passwords ;)
  23. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Way to go!!
    Good luck and stay safe :)

