also @ TechSpot: Updated Microsoft EULA prohibits class action lawsuits

TechSpot

TechSpot News Products Downloads Forums

Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Solved] Virus removed, working Network Connection but no DNS/Internet

Discussion in 'Virus and Malware Removal' started by jimvski, Nov 11, 2011.

Page 1 of 2

jimvski Newcomer, in training

Hi all, I'm hoping someone can help me here. I've been working on this for 2 days now and I'm very close to having it working but can't get the last piece.

I'm using a Dell Laptop with Windows 7. I was hit with a Google redirect virus the other day. I used Malwarebytes/safe mode several times to remove it. There's a snippit of that log below.

Now that I think I have it removed, I've been jumping through hoops to try to get the internet working again. Several things were broken but I think I've gotten most of them working (ipconfig, netsh commands, etc.). Now I'm down to the point where I can connect to my router but I can't get to the internet by DNS names. If I use an IP address it seems to work OK. nslookup also seems to respond with the proper names/IP. This is my work PC so it is behind a CheckPoint Securemote VPN and had McAfee (useless) running when I was infected. There's a very similar issue here: http://www.techspot.com/vb/topic160312.html I've tried all the netoworking commands in that post with no success. ANY help would be greatly appreciated. Thanks in advance.

Here's my FIRST Malwarebytes log...

Files Infected:
c:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\DSJWV\AppData\Local\c62704eb\U\80000000.@ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\DSJWV\AppData\Local\c62704eb\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\DSJWV\AppData\Local\c62704eb\U\800000cf.@ (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Trojan.Agent) -> Delete on reboot.
c:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.

Here's the latest MALWAREBYTES log (shows clean):

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/11/2011 12:36:02 AM
mbam-log-2011-11-11 (00-36-02).txt

Scan type: Quick scan
Objects scanned: 207739
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MY GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-11 00:39:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-75ZCT2 rev.11.01A11
Running: jx0l5g9i.exe; Driver: C:\Users\DSJWV\AppData\Local\Temp\kxtcrpod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

My DDS Logs are in the next post....

jimvski, Nov 11, 2011

#1
jimvski Newcomer, in training

Here's my DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by DSJWV at 0:43:53 on 2011-11-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1267 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
uInternet Settings,ProxyServer = Proxy.infores.com:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: citi.com\creditcards
Trusted Zone: infores.com\cpgndev2
Trusted Zone: infores.com\cpgnprod
Trusted Zone: infores.com\iriteams
Trusted Zone: infores.com\pricesim
Trusted Zone: infores.com\pricesimp
Trusted Zone: verizon.net\mailbox
Trusted Zone: verizon.net\webmail
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5}\64C69756273723 : DhcpNameServer = 10.0.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli CPNP
mASetup: {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} - msiexec /fmous {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} /qn
mASetup: {B104C813-FB09-4B7B-B675-5EF0C176AF66} - msiexec /fu {B104C813-FB09-4B7B-B675-5EF0C176AF66} /qn
mASetup: Citrix_ICA_Client_11.2.0.31560_ENG - Msiexec /fu {0BCA9EFD-F2D6-4638-B053-8693BA0404BE} /qn
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2011-11-2 81920]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-11-1 33832]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-11-1 127488]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;"c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe" /servicestart --> c:\program files\mcafee\managed virusscan\agent\myAgtSvc.Exe [?]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-11-10 223960]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-11-1 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-11-1 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-11-1 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2011-11-1 12952]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-2 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-2 1343400]
.
=============== Created Last 30 ================
.
2011-11-11 05:20:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 17:39:45 266440 ----a-w- c:\windows\system32\PROUnstl.exe
2011-11-10 17:39:25 62144 ----a-w- c:\windows\system32\NicInstY.dll
2011-11-10 17:39:25 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
2011-11-10 17:35:08 -------- d-----w- c:\program files\Cisco
2011-11-10 17:33:44 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-11-10 17:33:44 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2011-11-10 17:33:44 52224 ----a-w- c:\windows\system32\wltrynt.dll
2011-11-10 17:33:44 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2011-11-10 17:33:44 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2011-11-10 17:33:43 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-11-10 17:33:40 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-11-10 17:33:40 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-11-10 16:24:29 -------- d-----w- c:\program files\CCleaner
2011-11-10 15:35:26 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-11-10 08:10:22 -------- d-----w- c:\windows\system32\BestPractices
2011-11-10 07:38:51 -------- d-----w- C:\inetpub
2011-11-10 04:30:47 23 ----a-w- c:\windows\CIO857E.tmp
2011-11-10 04:11:39 20568 ----a-w- c:\windows\erase_SR.exe
2011-11-10 01:35:30 24550 ----a-w- c:\windows\bcm6289.tmp
2011-11-09 19:53:13 -------- d-----w- c:\users\dsjwv\appdata\roaming\Malwarebytes
2011-11-09 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 19:53:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 19:37:05 6146896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-09 19:36:59 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{527dcb8f-9adc-4dfc-80fe-4720fbba5faf}\mpengine.dll
2011-11-09 18:31:33 -------- d-----w- c:\programdata\!SASCORE
2011-11-09 18:31:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-09 18:19:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-09 16:16:56 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 16:16:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:16:48 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 16:15:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:31:35 -------- d-----w- c:\program files\MSDN
2011-11-09 15:25:03 -------- d-----w- c:\program files\Microsoft Device Emulator
2011-11-09 15:24:05 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2011-11-09 15:15:05 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-11-09 15:04:04 -------- d-----w- c:\program files\HTML Help Workshop
2011-11-09 15:04:04 -------- d-----w- c:\program files\common files\Merge Modules
2011-11-09 15:04:04 -------- d-----w- c:\program files\CE Remote Tools
2011-11-09 15:02:24 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2011-11-09 15:00:19 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll
2011-11-09 15:00:19 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll
2011-11-09 15:00:19 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll
2011-11-09 15:00:19 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll
2011-11-09 15:00:19 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll
2011-11-09 15:00:19 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll
2011-11-09 15:00:19 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll
2011-11-09 15:00:19 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll
2011-11-09 15:00:19 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll
2011-11-09 15:00:19 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe
2011-11-03 15:59:50 -------- d-----w- c:\windows\WindowsMobile
2011-11-03 12:49:49 1699328 ----a-w- c:\windows\system32\esent.dll
2011-11-03 12:49:48 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-11-03 12:49:47 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-11-03 12:49:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-11-03 12:49:44 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-11-03 12:49:42 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-11-03 12:49:41 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-11-03 12:49:40 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-11-03 12:49:39 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-11-03 05:30:32 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-11-03 05:28:07 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-03 05:28:07 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-03 05:28:07 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-03 05:28:07 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-03 05:28:07 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-03 05:28:07 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-03 05:28:07 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-03 05:28:07 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-11-03 05:28:07 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-03 05:11:14 -------- d-----w- c:\windows\system32\SPReview
2011-11-03 05:11:05 -------- d-----w- c:\users\dsjwv\appdata\local\Microsoft Games
2011-11-03 04:44:22 -------- d-----w- c:\windows\system32\EventProviders
2011-11-03 03:59:55 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-03 03:58:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-11-03 03:58:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-11-03 03:58:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-11-03 03:58:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-11-03 03:58:15 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-03 03:58:05 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-03 03:58:04 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-03 03:58:04 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-03 03:56:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 03:56:28 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-11-03 03:56:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-03 03:56:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-03 03:56:20 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-03 03:56:11 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-03 03:56:10 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-11-03 03:56:04 2616320 ----a-w- c:\windows\explorer.exe
2011-11-03 03:56:00 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-03 03:48:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-03 02:35:49 -------- d-----w- c:\users\dsjwv\appdata\local\Apps
2011-11-02 23:48:24 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-11-02 23:19:37 527360 ------w- c:\windows\system32\stapi32.dll
2011-11-02 23:19:12 61440 ----a-w- c:\windows\system32\aestaren.dll
2011-11-02 23:19:12 380928 ----a-w- c:\windows\system32\aestecap.dll
2011-11-02 23:19:12 140288 ----a-w- c:\windows\system32\aestacap.dll
2011-11-02 23:19:11 3354624 ----a-w- c:\windows\system32\stlang.dll
2011-11-02 23:19:11 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
2011-11-02 23:18:33 945664 ----a-w- c:\windows\system32\stapo.dll
2011-11-02 23:18:33 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2011-11-02 23:18:33 405504 ----a-w- c:\windows\system32\stcplx.dll
2011-11-02 23:18:33 175616 ----a-w- c:\windows\system32\st326274.dll
2011-11-02 19:37:57 -------- d-----w- c:\programdata\Attachmate
2011-11-02 19:37:49 -------- d-----w- c:\program files\Attachmate
2011-11-02 19:37:49 -------- d-----w- C:\DesktopFolder
2011-11-02 19:35:53 -------- d-----w- c:\windows\Downloaded Installations
2011-11-02 19:27:53 -------- d-----w- C:\drvrtmp
2011-11-02 19:27:43 -------- d-----w- C:\dell
2011-11-02 19:13:23 -------- d-----w- c:\users\dsjwv\appdata\local\ElevatedDiagnostics
2011-11-02 18:55:04 -------- d-----w- c:\program files\Microsoft Games
2011-11-02 16:32:05 -------- d-----w- c:\users\dsjwv\appdata\local\Microsoft_Corporation
2011-11-02 16:26:07 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-11-02 16:26:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-02 16:25:59 -------- d-----w- c:\windows\system32\1033
2011-11-02 16:22:51 -------- d-----w- c:\program files\Microsoft SQL Server
2011-11-02 14:55:35 -------- d-----w- c:\windows\pss
2011-11-02 14:31:16 86016 ----a-w- c:\windows\unvise32.exe
2011-11-02 14:12:41 -------- d-----w- c:\program files\Quake III Arena
2011-11-02 14:12:20 327168 ----a-w- c:\windows\IsUninst.exe
2011-11-02 03:58:49 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-11-02 03:58:49 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-11-02 03:57:41 -------- d-----w- c:\program files\common files\McAfee
2011-11-02 03:56:27 -------- d-----w- c:\users\dsjwv\appdata\roaming\McAfee
2011-11-02 03:36:20 33832 ----a-r- c:\windows\system32\drivers\cvusbdrv.sys
2011-11-02 03:33:04 982240 ----a-w- c:\windows\system32\igkrng500.bin
2011-11-02 03:33:04 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2011-11-02 03:33:04 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-11-02 03:33:04 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2011-11-02 03:33:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-11-02 03:33:04 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
2011-11-02 03:33:04 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2011-11-02 03:33:04 127488 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-11-02 03:33:03 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-11-02 03:33:03 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-11-02 03:32:57 28792 ----a-w- c:\windows\system32\NicCo36.dll
2011-11-02 03:32:57 12952 ----a-w- c:\windows\system32\drivers\tcm.sys
2011-11-02 03:32:57 121440 ----a-w- c:\windows\system32\e1000msg.dll
2011-11-02 03:32:56 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-11-02 03:32:43 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-11-02 03:32:42 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-11-02 03:32:36 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-11-02 03:27:32 -------- d-sh--w- C:\Boot
2011-11-02 01:51:56 -------- d-----w- c:\windows\dell
2011-11-02 01:51:11 -------- d-----w- C:\SymphonyRPM
2011-11-02 01:51:08 -------- d-----w- c:\program files\Information Resources
2011-11-02 01:51:08 -------- d-----w- C:\AS_Install
2011-11-02 01:36:34 -------- d-----w- C:\SvcTools
2011-11-02 01:35:41 55304 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-11-02 01:35:01 -------- d-----w- c:\program files\McAfee
2011-11-02 01:34:44 -------- d-----w- c:\windows\system32\Adobe
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-02 01:01:24 2516 ----a-w- c:\windows\system32\drivers\default.bin
2011-11-02 01:01:24 2516 ----a-w- c:\windows\system32\default.bin
2011-11-02 01:00:52 -------- d-----w- c:\program files\CheckPoint
2011-11-02 00:48:03 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-11-02 00:48:03 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-11-02 00:48:03 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2011-11-02 00:48:02 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-11-02 00:48:02 49152 ----a-w- c:\windows\system32\drivers\risdpe86.sys
2011-11-02 00:48:02 47104 ----a-w- c:\windows\system32\drivers\rimspe86.sys
2011-11-02 00:48:02 38400 ----a-w- c:\windows\system32\drivers\rixdpe86.sys
2011-11-02 00:48:02 196608 ----a-w- c:\windows\system32\RiSDIcon.dll
2011-11-02 00:48:02 188416 ----a-w- c:\windows\system32\RiMMCIcon.dll
2011-11-02 00:48:02 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-11-02 00:47:21 -------- d-----w- c:\program files\DellTPad
2011-11-02 00:41:45 -------- d-----w- c:\program files\IDT
2011-11-02 00:41:44 86016 ----a-w- c:\windows\system32\AESTCom.dll
2011-11-02 00:41:41 -------- d-----w- c:\windows\system32\SRSLabs
2011-11-02 00:41:01 -------- d-----w- C:\Intel
2011-11-01 22:47:55 -------- d-----w- C:\DellPCBackup
.
==================== Find3M ====================
.
2011-11-03 05:06:54 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
============= FINISH: 0:44:06.47 ===============

AND ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/1/2011 8:59:25 PM
System Uptime: 11/10/2011 10:43:58 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0G866N
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 91.203 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SecuRemote Miniport
Device ID: ROOT\CP_FW1MP\0000
Manufacturer: Check Point
Name: Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
PNP Device ID: ROOT\CP_FW1MP\0000
Service: FW1
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SecuRemote Miniport
Device ID: ROOT\CP_FW1MP\0004
Manufacturer: Check Point
Name: Microsoft Virtual WiFi Miniport Adapter #2 - SecuRemote Miniport
PNP Device ID: ROOT\CP_FW1MP\0004
Service: FW1
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: SecuRemote Miniport
Device ID: ROOT\CP_FW1MP\0005
Manufacturer: Check Point
Name: Microsoft Virtual WiFi Miniport Adapter - SecuRemote Miniport
PNP Device ID: ROOT\CP_FW1MP\0005
Service: FW1
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2B8E0B4B&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2B8E0B4B&0&C8
Service: e1yexpress
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&3A6DFD66&4&05
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #3
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&3A6DFD66&4&05
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Check Point Virtual Network Adapter For SecureClient
Device ID: ROOT\NET\0000
Manufacturer: Check Point
Name: Check Point Virtual Network Adapter For SecureClient
PNP Device ID: ROOT\NET\0000
Service: VNASC
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.2
Adobe SVG Viewer
Apple Application Support
Attachmate Reflection Multi-Host, Standard 14.0.5826
CCleaner
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix online plug-in (Web)
Dell Touchpad
DW WLAN Card Utility
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDT Audio
InfraRecorder 0.5
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 22
JInitiator
Macromedia Authorware Web Player
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MSDN Library for Visual Studio 2008 - ENU
Quake III Arena
Quake III Arena Point Release 1.32
QuickTime
RICOH Media Driver ver.2.07.01.01
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office system 2007 (KB974234)
Service Pack 1 for SQL Server 2008 R2 (KB2528583)
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Management Studio
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC Runtimes MSI
VirusScan Enterprise Client
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 x86 Runtime Setup Package
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Windows Driver Package - Broadcom (BCM43XX) Net (01/21/2010 5.60.48.35)
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Mobile Device Center
WinZip
X7Magic Setup
.
==== Event Viewer Messages From Past Week ========
.
11/10/2011 8:15:34 PM, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Element not found.
11/10/2011 8:15:33 PM, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 1
11/10/2011 8:11:34 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The request is not supported.
11/10/2011 2:29:28 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/10/2011 10:48:30 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
11/10/2011 10:47:06 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
11/10/2011 10:44:21 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.
11/10/2011 10:44:21 PM, Error: Service Control Manager [7000] - The McAfee Virus and Spyware Protection Service service failed to start due to the following error: The system cannot find the file specified.
11/10/2011 10:44:21 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain IRI_CORP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
11/10/2011 10:44:17 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
11/10/2011 10:44:17 PM, Error: Service Control Manager [7000] - The Check Point Virtual Network Adapter - SecureClient service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/10/2011 10:43:38 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/10/2011 1:01:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.
11/10/2011 1:01:44 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

I have several adapters disabled right now as I've been trying everything I can think of. Again, many thanks for any help you can provide...

Jim

jimvski, Nov 11, 2011

#2
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

You're not running any AV program but we'll get back to it later when we reestablish your internet connection.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Nov 11, 2011

#3
jimvski Newcomer, in training

I think it's fixed.

Broni,

Thank you very much for your response. I think I actually have it working ok now. Doing a ton of reading about DNS and the fact that nslookup worked yet ping didn't pointed me to the Windows system dns code. I made an assumption that one of the files was corrupted so I actually uninstalled Windows SP1 hoping that it would overwrite the system DNS files. It apparently did because I'm up and running. I reinstalled a fresh version of SP 1 and all is still fine. As far as AV software - my company pushes out McAfee which I don't put much faith in so I'll be reinstalling MalwareBytes.

Although it seems fixed, do you recommend doing anything else to check?

Thanks again.
Jim

jimvski, Nov 11, 2011

#4
Broni Malware Annihilator

I'd go with a checkup.

Broni, Nov 11, 2011

#5
jimvski Newcomer, in training

NOT FIXED.... So I followed your instructions

Trying to be on the safe side, I decided to run a few different scans. MalwareBytes came up clean but then I ran SuperAntiSpyware and it found an infection. So, with conflicting info, I decided to follow your instructions. I ran aswMBR and it said I was infected with Win32: Alureon-AJI. I then Ran Combofix per your instructions and it found RootKit.ZeroAccess. I got the BSOD a couple times but Combofix seemed to keep going. Both logs are posted below. Seems like so far so good but what's next???

aswMBR Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-11 15:13:07
-----------------------------
15:13:07.059 OS Version: Windows 6.1.7601 Service Pack 1
15:13:07.059 Number of processors: 2 586 0x170A
15:13:07.059 ComputerName: CHIGYVG4L1L UserName: DSJWV
15:13:27.558 Initialize success
15:13:34.344 AVAST engine defs: 11111100
15:14:34.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:14:34.326 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
15:14:36.354 Disk 0 MBR read successfully
15:14:36.354 Disk 0 MBR scan
15:14:36.369 Disk 0 Windows VISTA default MBR code
15:14:36.369 Disk 0 scanning sectors +312578048
15:14:36.463 Disk 0 scanning C:\Windows\system32\drivers
15:14:38.007 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
15:14:47.789 Service scanning
15:14:50.831 Service .blbdrive \* **LOCKED** 123
15:14:51.689 Modules scanning
15:15:01.314 Disk 0 trace - called modules:
15:15:01.345 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
15:15:01.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e191a0]
15:15:01.361 3 CLASSPNP.SYS[891ad59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85073908]
15:15:02.733 AVAST engine scan C:\Windows
15:15:05.011 AVAST engine scan C:\Windows\system32
15:16:56.894 AVAST engine scan C:\Windows\system32\drivers
15:16:58.252 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
15:17:09.094 AVAST engine scan C:\Users\DSJWV
15:27:12.518 AVAST engine scan C:\ProgramData
15:27:46.682 Scan finished successfully
15:28:08.616 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
15:28:08.616 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"

COMBOFIX LOG:

ComboFix 11-11-11.06 - DSJWV 11/11/2011 15:45:32.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1279 [GMT -5:00]
Running from: c:\users\DSJWV\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\$NtUninstallKB15667$\1813779170
c:\windows\system32\
c:\windows\system32\c_49850.nls
c:\windows\system32\drivers\bcm7ED0.tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\oem80.inf
c:\windows\system32\oem89.inf
c:\windows\$NtUninstallKB15667$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 19:40 . 2011-11-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 16:05 . 2011-11-11 16:05 -------- d-----w- c:\users\DefaultAppPool
2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-11-11 05:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 17:39 . 2011-01-28 16:19 266440 ----a-w- c:\windows\system32\PROUnstl.exe
2011-11-10 17:39 . 2011-03-23 21:02 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
2011-11-10 17:39 . 2009-10-11 05:26 62144 ----a-w- c:\windows\system32\NicInstY.dll
2011-11-10 17:35 . 2011-11-10 17:35 -------- d-----w- c:\program files\Cisco
2011-11-10 17:33 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-11-10 17:33 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2011-11-10 17:33 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2011-11-10 17:33 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2011-11-10 17:33 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-11-10 17:33 . 2010-02-02 03:20 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-11-10 17:33 . 2010-02-02 03:20 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-11-10 16:24 . 2011-11-10 16:24 -------- d-----w- c:\program files\CCleaner
2011-11-10 15:35 . 2011-11-10 15:34 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-11-10 08:10 . 2011-11-10 08:10 -------- d-----w- c:\windows\system32\BestPractices
2011-11-10 07:38 . 2011-11-10 08:10 -------- d-----w- C:\inetpub
2011-11-10 04:30 . 2011-11-10 04:30 23 ----a-w- c:\windows\CIO857E.tmp
2011-11-10 04:11 . 2007-05-24 15:13 20568 ----a-w- c:\windows\erase_SR.exe
2011-11-10 01:35 . 2011-11-10 01:36 24550 ----a-w- c:\windows\bcm6289.tmp
2011-11-09 19:53 . 2011-11-09 19:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 19:53 . 2011-11-11 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 19:36 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{527DCB8F-9ADC-4DFC-80FE-4720FBBA5FAF}\mpengine.dll
2011-11-09 18:31 . 2011-11-09 18:31 -------- d-----w- c:\programdata\!SASCORE
2011-11-09 18:31 . 2011-11-11 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-09 18:19 . 2011-11-09 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-09 16:16 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:16 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:15 . 2011-11-09 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:31 . 2011-11-09 15:31 -------- d-----w- c:\program files\MSDN
2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\program files\Microsoft Device Emulator
2011-11-09 15:24 . 2011-11-09 15:24 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2011-11-09 15:15 . 2011-11-09 15:15 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-11-09 15:08 . 2011-11-09 15:08 -------- d-----w- c:\windows\symbols
2011-11-09 15:04 . 2011-11-09 15:15 -------- d-----w- c:\program files\Common Files\Merge Modules
2011-11-09 15:04 . 2011-11-09 15:10 -------- d-----w- c:\program files\HTML Help Workshop
2011-11-09 15:04 . 2011-11-09 15:04 -------- d-----w- c:\program files\CE Remote Tools
2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2011-11-09 15:00 . 2011-11-09 15:00 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2011-11-09 15:00 . 2011-11-09 15:00 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2011-11-09 15:00 . 2011-11-09 15:00 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2011-11-09 15:00 . 2011-11-09 15:00 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2011-11-09 15:00 . 2011-11-09 15:00 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2011-11-09 15:00 . 2011-11-09 15:00 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2011-11-09 15:00 . 2011-11-09 15:00 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2011-11-09 15:00 . 2011-11-09 15:00 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
2011-11-03 15:59 . 2011-11-03 16:00 -------- d-----w- c:\windows\WindowsMobile
2011-11-03 12:49 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-11-03 12:49 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-11-03 12:49 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-11-03 12:49 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-11-03 12:49 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-11-03 12:49 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-11-03 12:49 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-11-03 12:49 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-11-03 12:49 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-11-03 12:49 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-03 12:26 . 2011-11-11 13:45 -------- d-----w- c:\users\User
2011-11-03 05:30 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-03 05:28 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-03 05:28 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-03 05:28 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-03 05:28 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-03 05:28 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-03 04:46 . 2010-11-20 08:19 296448 ----a-w- c:\windows\system32\mfds.dll
2011-11-03 04:44 . 2011-11-03 04:44 -------- d-----w- c:\windows\system32\EventProviders
2011-11-03 04:00 . 2011-08-20 04:26 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-11-03 04:00 . 2011-08-20 04:26 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-11-03 04:00 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-11-03 04:00 . 2011-10-01 02:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 03:58 . 2011-07-16 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-11-03 03:58 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-03 03:58 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-03 03:58 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-03 03:56 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-03 03:56 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-03 03:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-03 03:56 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-03 03:56 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-11-03 03:56 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-11-03 03:48 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-03 03:48 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-03 03:48 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-11-02 23:49 . 2010-02-02 03:18 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2011-11-02 23:49 . 2010-02-02 03:18 1032192 ----a-w- c:\windows\system32\bcmCB2E.tmp
2011-11-02 23:49 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcm7F9C.tmp
2011-11-02 23:49 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcm79BB.tmp
2011-11-02 23:49 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcm7BA0.tmp
2011-11-02 23:49 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm7DB5.tmp
2011-11-02 23:49 . 2010-02-02 03:20 52224 ----a-w- c:\windows\system32\bcm791D.tmp
2011-11-02 23:49 . 2010-02-02 03:20 457 ----a-w- c:\windows\system32\bcm736A.tmp
2011-11-02 23:49 . 2010-02-02 03:20 2682880 ----a-w- c:\windows\system32\bcm72CC.tmp
2011-11-02 23:49 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\bcm7850.tmp
2011-11-02 23:49 . 2011-11-02 23:49 -------- d-----w- c:\program files\Dell
2011-11-02 23:48 . 2010-02-02 03:19 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-11-02 23:19 . 2010-01-27 06:28 140288 ----a-w- c:\windows\system32\aestacap.dll
2011-11-02 23:19 . 2009-10-10 04:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2011-11-02 23:19 . 2009-03-03 05:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2011-11-02 23:19 . 2010-03-10 03:56 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
2011-11-02 23:18 . 2010-03-10 03:56 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\programdata\Attachmate
2011-11-02 19:37 . 2011-11-02 19:38 -------- d-----w- C:\DesktopFolder
2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\program files\Attachmate
2011-11-02 19:35 . 2011-11-02 19:35 -------- d-----w- c:\windows\Downloaded Installations
2011-11-02 19:27 . 2011-11-10 17:39 -------- d-----w- C:\drvrtmp
2011-11-02 19:27 . 2011-11-11 18:54 -------- d-----w- C:\dell
2011-11-02 18:55 . 2011-11-02 18:55 -------- d-----w- c:\program files\Microsoft Games
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SDKs
2011-11-02 16:26 . 2011-11-09 15:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-02 16:25 . 2011-11-09 15:06 -------- d-----w- c:\windows\system32\1033
2011-11-02 16:22 . 2011-11-03 13:35 -------- d-----w- c:\program files\Microsoft SQL Server
2011-11-02 14:31 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2011-11-02 14:12 . 2011-11-02 14:31 -------- d-----w- c:\program files\Quake III Arena
2011-11-02 14:12 . 1998-10-02 23:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-11-02 03:58 . 2011-08-03 21:56 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-11-02 03:58 . 2011-08-03 21:56 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-09-29 03:37 . 2011-11-09 16:16 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-08-20 04:31 . 2011-11-03 04:00 981504 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-05 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-05 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-05 172568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
"SMA8.4.0.43"="c:\svctools\8.4.0.43\bin\lnchr.exe" [2011-07-11 532480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\0\0]
"Script"=\\infores.com\netlogon\admin.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\1\0]
"Script"=\\infores.com\NETLOGON\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\2\0]
"Script"=\\infores.com\NETLOGON\logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 04:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-11-09 130384]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [2009-04-17 12952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1343400]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2011-11-09 81920]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
S2 SMA8.4.0.43;Software Management Agent 8.4.0.43;c:\svctools\8.4.0.43\bin\lnchr.exe [2011-07-11 532480]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
uInternet Settings,ProxyServer = Proxy.infores.com:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: citi.com\creditcards
Trusted Zone: infores.com\cpgndev2
Trusted Zone: infores.com\cpgnprod
Trusted Zone: infores.com\iriteams
Trusted Zone: infores.com\pricesim
Trusted Zone: infores.com\pricesimp
Trusted Zone: verizon.net\mailbox
Trusted Zone: verizon.net\webmail
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
HKLM_ActiveSetup-Citrix_ICA_Client_11.2.0.31560_ENG - Msiexec
HKLM_ActiveSetup-{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} - msiexec
HKLM_ActiveSetup-{B104C813-FB09-4B7B-B675-5EF0C176AF66} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-11 16:11:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 21:11
.
Pre-Run: 96,758,652,928 bytes free
Post-Run: 96,862,679,040 bytes free
.
- - End Of File - - 57C0D36CFB514D4DD589E8506CE13A04

jimvski, Nov 11, 2011

#6
Broni Malware Annihilator

Post fresh aswMBR log.

Broni, Nov 11, 2011

#7
jimvski Newcomer, in training

aswMBR log ...

Still showing an infection of blbdrive.sys...

LOG:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-11 17:55:18
-----------------------------
17:55:18.194 OS Version: Windows 6.1.7601 Service Pack 1
17:55:18.194 Number of processors: 2 586 0x170A
17:55:18.194 ComputerName: CHIGYVG4L1L UserName: DSJWV
17:55:18.740 Initialize success
17:55:49.582 AVAST engine defs: 11111101
17:56:07.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:56:07.568 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
17:56:09.596 Disk 0 MBR read successfully
17:56:09.596 Disk 0 MBR scan
17:56:09.612 Disk 0 Windows VISTA default MBR code
17:56:09.612 Disk 0 scanning sectors +312578048
17:56:09.706 Disk 0 scanning C:\Windows\system32\drivers
17:56:11.203 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
17:56:20.906 Service scanning
17:56:22.638 Service .blbdrive \* **LOCKED** 123
17:56:23.496 Modules scanning
17:56:32.918 Disk 0 trace - called modules:
17:56:32.950 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
17:56:32.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e1f030]
17:56:32.950 3 CLASSPNP.SYS[891bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85948908]
17:56:34.151 AVAST engine scan C:\Windows
17:56:37.364 AVAST engine scan C:\Windows\system32
17:58:30.683 AVAST engine scan C:\Windows\system32\drivers
17:58:33.101 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
17:58:54.317 AVAST engine scan C:\Users\DSJWV
18:08:25.886 AVAST engine scan C:\ProgramData
18:09:05.667 Scan finished successfully
18:09:17.289 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
18:09:17.304 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"

jimvski, Nov 11, 2011

#8
Broni Malware Annihilator
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.

Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator

Copy the content of the following box and paste it into the main textfield:

Code:

:filefind blbdrive.sys

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
Broni, Nov 11, 2011

#9
jimvski Newcomer, in training

SystemLook Output

Here it is...

SystemLook 30.07.11 by jpshortstuff
Log created at 18:25 on 11/11/2011 by DSJWV
(Limited User)

========== filefind ==========

Searching for "blbdrive.sys"
C:\Windows\System32\drivers\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] A6B4C8894619B4BF735DB45108FB0322
C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F
C:\Windows\winsxs\x86_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_8d49fd7c287c0b48\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F

-= EOF =-

jimvski, Nov 11, 2011

#10
Broni Malware Annihilator
1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box

Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

FCopy:: C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys | C:\Windows\System32\drivers\blbdrive.sys

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

Post new aswMBR log as well.
Broni, Nov 11, 2011

#11
jimvski Newcomer, in training

New ComboFix & aswMBR logs...

Didn't ask for reboot. aswMBR report service blbdrive LOCKED but nothing infected.

ComboFix:

ComboFix 11-11-11.06 - DSJWV 11/11/2011 18:52:53.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1141 [GMT -5:00]
Running from: c:\users\DSJWV\Desktop\ComboFix.exe
Command switches used :: c:\users\DSJWV\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys --> c:\windows\System32\drivers\blbdrive.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 23:57 . 2011-11-11 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 20:33 . 2011-11-10 15:34 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-11 19:40 . 2011-11-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-11 18:13 . 2011-11-11 18:13 -------- d-----w- c:\windows\system32\SPReview
2011-11-11 16:05 . 2011-11-11 16:05 -------- d-----w- c:\users\DefaultAppPool
2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-11-11 05:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 17:39 . 2011-01-28 16:19 266440 ----a-w- c:\windows\system32\PROUnstl.exe
2011-11-10 17:39 . 2011-03-23 21:02 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
2011-11-10 17:39 . 2009-10-11 05:26 62144 ----a-w- c:\windows\system32\NicInstY.dll
2011-11-10 17:35 . 2011-11-10 17:35 -------- d-----w- c:\program files\Cisco
2011-11-10 17:33 . 2010-02-02 03:20 52224 ----a-w- c:\windows\system32\wltrynt.dll
2011-11-10 17:33 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-11-10 17:33 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2011-11-10 17:33 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2011-11-10 17:33 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2011-11-10 17:33 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-11-10 17:33 . 2010-02-02 03:20 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-11-10 17:33 . 2010-02-02 03:20 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-11-10 16:24 . 2011-11-10 16:24 -------- d-----w- c:\program files\CCleaner
2011-11-10 15:35 . 2011-11-10 15:34 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-11-10 08:10 . 2011-11-10 08:10 -------- d-----w- c:\windows\system32\BestPractices
2011-11-10 07:38 . 2011-11-10 08:10 -------- d-----w- C:\inetpub
2011-11-10 04:30 . 2011-11-10 04:30 23 ----a-w- c:\windows\CIO857E.tmp
2011-11-10 04:11 . 2007-05-24 15:13 20568 ----a-w- c:\windows\erase_SR.exe
2011-11-10 01:35 . 2011-11-10 01:36 24550 ----a-w- c:\windows\bcm6289.tmp
2011-11-09 19:53 . 2011-11-09 19:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 19:53 . 2011-11-11 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 19:36 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{527DCB8F-9ADC-4DFC-80FE-4720FBBA5FAF}\mpengine.dll
2011-11-09 18:31 . 2011-11-09 18:31 -------- d-----w- c:\programdata\!SASCORE
2011-11-09 18:31 . 2011-11-11 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-09 18:19 . 2011-11-09 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-09 16:16 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:16 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:16 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 16:15 . 2011-11-09 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 15:31 . 2011-11-09 15:31 -------- d-----w- c:\program files\MSDN
2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\program files\Microsoft Device Emulator
2011-11-09 15:24 . 2011-11-09 15:24 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2011-11-09 15:15 . 2011-11-09 15:15 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-11-09 15:08 . 2011-11-09 15:08 -------- d-----w- c:\windows\symbols
2011-11-09 15:04 . 2011-11-09 15:15 -------- d-----w- c:\program files\Common Files\Merge Modules
2011-11-09 15:04 . 2011-11-09 15:10 -------- d-----w- c:\program files\HTML Help Workshop
2011-11-09 15:04 . 2011-11-09 15:04 -------- d-----w- c:\program files\CE Remote Tools
2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2011-11-09 15:00 . 2011-11-09 15:00 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2011-11-09 15:00 . 2011-11-09 15:00 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2011-11-09 15:00 . 2011-11-09 15:00 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2011-11-09 15:00 . 2011-11-09 15:00 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2011-11-09 15:00 . 2011-11-09 15:00 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2011-11-09 15:00 . 2011-11-09 15:00 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2011-11-09 15:00 . 2011-11-09 15:00 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2011-11-09 15:00 . 2011-11-09 15:00 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
2011-11-03 15:59 . 2011-11-03 16:00 -------- d-----w- c:\windows\WindowsMobile
2011-11-03 12:49 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-11-03 12:49 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-11-03 12:49 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-11-03 12:49 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-11-03 12:49 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-11-03 12:49 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-11-03 12:49 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-11-03 12:49 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-11-03 12:49 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-11-03 12:49 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-03 12:26 . 2011-11-11 13:45 -------- d-----w- c:\users\User
2011-11-03 05:30 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-03 05:28 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-11-03 05:28 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-03 05:28 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-03 05:28 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-03 05:28 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-03 05:28 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-03 05:28 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-03 05:28 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-03 05:28 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-03 04:46 . 2010-11-20 08:19 296448 ----a-w- c:\windows\system32\mfds.dll
2011-11-03 04:44 . 2011-11-03 04:44 -------- d-----w- c:\windows\system32\EventProviders
2011-11-03 03:59 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-03 03:58 . 2011-07-16 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-11-03 03:58 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-03 03:58 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-03 03:58 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-03 03:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 03:56 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-11-03 03:56 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-03 03:56 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-03 03:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-03 03:56 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-03 03:56 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-11-03 03:56 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-11-03 03:56 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-03 03:48 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-03 03:48 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-03 03:48 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-11-02 23:48 . 2010-02-02 03:19 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-11-02 23:19 . 2010-03-10 03:56 527360 ------w- c:\windows\system32\stapi32.dll
2011-11-02 23:19 . 2010-01-27 06:28 140288 ----a-w- c:\windows\system32\aestacap.dll
2011-11-02 23:19 . 2009-10-10 04:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2011-11-02 23:19 . 2009-03-03 05:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2011-11-02 23:19 . 2010-03-10 03:56 3354624 ----a-w- c:\windows\system32\stlang.dll
2011-11-02 23:19 . 2010-03-10 03:56 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
2011-11-02 23:18 . 2010-03-10 03:56 945664 ----a-w- c:\windows\system32\stapo.dll
2011-11-02 23:18 . 2010-03-10 03:56 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2011-11-02 23:18 . 2010-03-10 03:56 405504 ----a-w- c:\windows\system32\stcplx.dll
2011-11-02 23:18 . 2010-03-10 03:56 175616 ----a-w- c:\windows\system32\st326274.dll
2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\programdata\Attachmate
2011-11-02 19:37 . 2011-11-02 19:38 -------- d-----w- C:\DesktopFolder
2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\program files\Attachmate
2011-11-02 19:35 . 2011-11-02 19:35 -------- d-----w- c:\windows\Downloaded Installations
2011-11-02 19:27 . 2011-11-10 17:39 -------- d-----w- C:\drvrtmp
2011-11-02 19:27 . 2011-11-11 18:54 -------- d-----w- C:\dell
2011-11-02 18:55 . 2011-11-02 18:55 -------- d-----w- c:\program files\Microsoft Games
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SDKs
2011-11-02 16:26 . 2011-11-09 15:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-11-02 16:25 . 2011-11-09 15:06 -------- d-----w- c:\windows\system32\1033
2011-11-02 16:22 . 2011-11-03 13:35 -------- d-----w- c:\program files\Microsoft SQL Server
2011-11-02 14:31 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2011-11-02 14:12 . 2011-11-02 14:31 -------- d-----w- c:\program files\Quake III Arena
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-05 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-05 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-05 172568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
"SMA8.4.0.43"="c:\svctools\8.4.0.43\bin\lnchr.exe" [2011-07-11 532480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\0\0]
"Script"=\\infores.com\netlogon\admin.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\1\0]
"Script"=\\infores.com\NETLOGON\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\2\0]
"Script"=\\infores.com\NETLOGON\logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 04:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-11-09 130384]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [2009-04-17 12952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1343400]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2011-11-09 81920]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
S2 SMA8.4.0.43;Software Management Agent 8.4.0.43;c:\svctools\8.4.0.43\bin\lnchr.exe [2011-07-11 532480]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
uInternet Settings,ProxyServer = Proxy.infores.com:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: citi.com\creditcards
Trusted Zone: infores.com\cpgndev2
Trusted Zone: infores.com\cpgnprod
Trusted Zone: infores.com\iriteams
Trusted Zone: infores.com\pricesim
Trusted Zone: infores.com\pricesimp
Trusted Zone: verizon.net\mailbox
Trusted Zone: verizon.net\webmail
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.0.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-11 18:59:59
ComboFix-quarantined-files.txt 2011-11-11 23:59
ComboFix2.txt 2011-11-11 21:11
.
Pre-Run: 96,647,892,992 bytes free
Post-Run: 96,574,177,280 bytes free
.
- - End Of File - - B53F52EA843A4179C87D6E803EB7D86B

aswMBR Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-11 19:01:13
-----------------------------
19:01:13.332 OS Version: Windows 6.1.7601 Service Pack 1
19:01:13.332 Number of processors: 2 586 0x170A
19:01:13.332 ComputerName: CHIGYVG4L1L UserName: DSJWV
19:01:13.846 Initialize success
19:01:46.045 AVAST engine defs: 11111101
19:02:04.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:02:04.562 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
19:02:06.621 Disk 0 MBR read successfully
19:02:06.621 Disk 0 MBR scan
19:02:06.621 Disk 0 Windows VISTA default MBR code
19:02:06.637 Disk 0 scanning sectors +312578048
19:02:06.777 Disk 0 scanning C:\Windows\system32\drivers
19:02:29.070 Service scanning
19:02:29.881 Service .blbdrive \* **LOCKED** 123
19:02:30.552 Modules scanning
19:02:58.850 Disk 0 trace - called modules:
19:02:58.881 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
19:02:58.881 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e1f030]
19:02:58.881 3 CLASSPNP.SYS[891bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85948908]
19:03:00.145 AVAST engine scan C:\Windows
19:03:12.531 AVAST engine scan C:\Windows\system32
19:06:56.563 AVAST engine scan C:\Windows\system32\drivers
19:07:10.432 AVAST engine scan C:\Users\DSJWV
19:17:25.135 AVAST engine scan C:\ProgramData
19:18:16.428 Scan finished successfully
19:19:13.306 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
19:19:13.322 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"

jimvski, Nov 11, 2011

#12
Broni Malware Annihilator
Very well

Any current issues?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Nov 11, 2011

#13
jimvski Newcomer, in training

So far so good.....

No issues yet....

OTL.txt:

OTL logfile created on: 11/11/2011 7:29:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DSJWV\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 53.25% Memory free
3.91 Gb Paging File | 2.92 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
Drive E: | 490.73 Mb Total Space | 425.53 Mb Free Space | 86.71% Space Free | Partition Type: FAT

Computer Name: CHIGYVG4L1L | User Name: DSJWV | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
PRC - [2011/11/09 13:18:47 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
PRC - [2011/11/09 13:18:40 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) -- c:\SvcTools\8.4.0.43\bin\lnchr.exe
PRC - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) -- C:\SvcTools\8.4.0.43\bin\lnchr.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/04 16:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/09 05:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/07/06 21:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/03/09 22:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/01 22:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/01 22:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/01 22:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2008/12/16 23:05:00 | 005,160,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2007/05/24 10:13:54 | 002,691,158 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/11 13:21:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2011/11/11 13:21:51 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2011/11/11 13:21:25 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2011/11/11 13:20:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (myAgtSvc)
SRV - [2011/11/09 13:18:47 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
SRV - [2011/11/09 13:18:40 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\SvcTools\8.4.0.43\bin\lnchr.exe -- (SMA8.4.0.43)
SRV - [2010/11/20 03:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 03:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 03:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/02 10:34:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/01 22:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/23 16:02:00 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/09 17:05:38 | 000,039,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nm3.sys -- (nm3)
DRV - [2010/03/15 12:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2010/03/09 22:56:02 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/01 22:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/06 08:50:06 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WinUsb)
DRV - [2009/07/13 18:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/04 18:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 19:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/06/26 11:28:04 | 000,033,832 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/17 03:50:16 | 000,012,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\tcm.sys -- (tcm)
DRV - [2007/05/24 10:13:58 | 000,036,368 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2007/05/24 10:13:54 | 002,234,800 | ---- | M] (Check Point Software Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\fw.sys -- (FW1)
DRV - [2007/05/24 10:13:52 | 000,110,032 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnasc.sys -- (VNASC)
DRV - [2007/05/24 10:13:50 | 000,673,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vpn.sys -- (VPN-1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;10.235.*.*;10.85.226.106;139.61.238.26;170.118.*.*;ard.acxiom.com;iri.cpgnetwork.co.uk;*.cpgnetwork.com;*.i.com;*.infores.com;*.iriknowledgegroup.com;*.iriworldwide.com;*.knowledgroup.com;*.symphonyrpm.com;shoppersights.symphonyiri.com;datadefense2.ironmountain.com;*efm.surveys.homescan.com;www.symphonyiri.com;70.34.34.140;*.pgimeet.com;*.mosaic-infoforce.com;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.infores.com:8080

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080

IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 DB 82 66 A3 7A CB 01 [binary data]
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/10 12:25:22 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/11/11 16:05:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMA8.4.0.43] c:\SvcTools\8.4.0.43\bin\lnchr.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infores.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5212B01F-8573-4217-A41B-6115817FB081}: DhcpNameServer = 170.118.24.149 170.118.24.135 170.118.1.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\myrm - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 19:26:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
[2011/11/11 19:00:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/11 18:58:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/11 15:52:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\temp
[2011/11/11 15:31:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/11 15:31:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/11 15:31:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/11 15:31:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/11 15:31:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/11 15:28:43 | 004,290,913 | R--- | C] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
[2011/11/11 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/11 15:07:52 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
[2011/11/11 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/11 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/11 14:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/11 13:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point VPN-1 SecureClient
[2011/11/11 13:13:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/11/11 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Network Monitor 3
[2011/11/11 09:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2011/11/11 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2011/11/11 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 00:20:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/10 12:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/11/10 12:34:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
[2011/11/10 11:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/10 11:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/10 03:10:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2011/11/10 02:38:51 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/11/09 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Malwarebytes
[2011/11/09 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/09 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/09 13:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/11/09 13:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/09 13:19:15 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/11/09 10:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSDN
[2011/11/09 10:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2011/11/09 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2011/11/09 10:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2011/11/09 10:08:12 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2011/11/09 10:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2011/11/09 09:05:47 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Desktop\Josh GV Pix
[2011/11/03 10:59:50 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2011/11/03 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft Games
[2011/11/02 23:47:39 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/11/02 23:44:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/02 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Apps
[2011/11/02 18:49:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\vs08
[2011/11/02 18:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/11/02 18:22:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/11/02 18:19:37 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/11/02 18:19:11 | 012,628,060 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2011/11/02 18:19:11 | 003,354,624 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2011/11/02 18:18:33 | 000,945,664 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2011/11/02 18:18:33 | 000,423,424 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2011/11/02 18:18:33 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2011/11/02 18:18:33 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st326274.dll
[2011/11/02 14:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attachmate Reflection
[2011/11/02 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Attachmate
[2011/11/02 14:37:49 | 000,000,000 | ---D | C] -- C:\DesktopFolder
[2011/11/02 14:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Attachmate
[2011/11/02 14:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/11/02 14:27:53 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2011/11/02 14:27:43 | 000,000,000 | ---D | C] -- C:\dell
[2011/11/02 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\ElevatedDiagnostics
[2011/11/02 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/11/02 12:58:55 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Backup
[2011/11/02 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft_Corporation
[2011/11/02 11:30:58 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Integration Services Script Component
[2011/11/02 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Integration Services Script Task
[2011/11/02 11:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/11/02 11:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/11/02 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/02 11:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/02 11:25:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2011/11/02 11:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/11/02 10:37:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web
[2011/11/02 10:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Database
[2011/11/02 10:30:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia
[2011/11/02 10:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Development
[2011/11/02 10:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Messaging
[2011/11/02 10:28:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/11/02 09:55:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/02 09:31:16 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/11/02 09:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2011/11/02 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Macromedia
[2011/11/01 22:58:49 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
[2011/11/01 22:58:49 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
[2011/11/01 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/11/01 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\McAfee
[2011/11/01 22:27:32 | 000,000,000 | ---D | C] -- C:\Boot
[2011/11/01 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\dell
[2011/11/01 20:51:11 | 000,000,000 | ---D | C] -- C:\SymphonyRPM
[2011/11/01 20:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Information Resources
[2011/11/01 20:51:08 | 000,000,000 | ---D | C] -- C:\AS_Install
[2011/11/01 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Apple Computer
[2011/11/01 20:46:26 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Outlook
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\Temporary Internet Files
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Templates
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Start Menu
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\SendTo
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Recent
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\PrintHood
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\NetHood
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Videos
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Pictures
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Music
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\My Documents
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Local Settings
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\History
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Cookies
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Application Data
[2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\Application Data
[2011/11/01 20:45:13 | 000,000,000 | --SD | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Videos
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Searches
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Saved Games
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Pictures
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Music
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Links
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Favorites
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Downloads
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Documents
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Desktop
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Contacts
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/01 20:45:13 | 000,000,000 | -H-D | C] -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/01 20:45:13 | 000,000,000 | -H-D | C] -- C:\Users\DSJWV\AppData
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\WindowsUpdate
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Tracing
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Sun
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\My Meetings
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft Help
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Media Center Programs
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\InfraRecorder
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Identities
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\ICAClient
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Citrix
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Apple Computer
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Adobe
[2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Adobe
[2011/11/01 20:36:34 | 000,000,000 | ---D | C] -- C:\SvcTools
[2011/11/01 20:35:41 | 000,055,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2011/11/01 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/11/01 20:34:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/11/01 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/01 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/01 19:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/11/01 19:48:03 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/11/01 19:48:03 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2011/11/01 19:48:03 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2011/11/01 19:48:02 | 000,196,608 | ---- | C] (RICOH) -- C:\Windows\System32\RiSDIcon.dll
[2011/11/01 19:48:02 | 000,188,416 | ---- | C] (RICOH) -- C:\Windows\System32\RiMMCIcon.dll
[2011/11/01 19:48:02 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2011/11/01 19:48:02 | 000,049,152 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdpe86.sys
[2011/11/01 19:48:02 | 000,047,104 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimspe86.sys
[2011/11/01 19:48:02 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdpe86.sys
[2011/11/01 19:48:02 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/11/01 19:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2011/11/01 19:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/11/01 19:41:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2011/11/01 19:41:01 | 000,000,000 | ---D | C] -- C:\Intel
[2011/11/01 19:39:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/11/01 17:47:55 | 000,000,000 | ---D | C] -- C:\DellPCBackup
[2011/11/01 15:52:53 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Documents\Favorites
[2011/11/01 15:11:19 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Advanced Proxy Manager
[2011/10/21 07:34:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Music
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
[2011/11/11 19:19:13 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR.dat
[2011/11/11 18:24:08 | 000,139,264 | ---- | M] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
[2011/11/11 18:09:17 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR2.dat
[2011/11/11 17:59:17 | 000,718,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/11 17:59:17 | 000,136,230 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/11 17:59:13 | 000,024,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 17:59:13 | 000,024,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 17:51:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 17:51:46 | 288,998,555 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/11 17:51:38 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/11 16:05:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/11 15:31:22 | 004,290,913 | R--- | M] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
[2011/11/11 15:28:08 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR1.dat
[2011/11/11 15:07:56 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
[2011/11/11 14:40:25 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/11 13:17:53 | 000,413,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/10 02:27:44 | 000,007,603 | ---- | M] () -- C:\Users\DSJWV\AppData\Local\resmon.resmoncfg
[2011/11/09 16:20:45 | 000,000,000 | ---- | M] () -- C:\Windows\3942918086
[2011/11/09 12:48:24 | 000,002,046 | -H-- | M] () -- C:\Users\DSJWV\Documents\Default.rdp
[2011/11/09 08:49:48 | 000,002,040 | RHS- | M] () -- C:\Users\DSJWV\ntuser.pol
[2011/11/08 12:19:29 | 229,843,968 | ---- | M] () -- C:\Users\DSJWV\Desktop\Outlook.pst
[2011/11/08 12:19:29 | 111,756,288 | ---- | M] () -- C:\Users\DSJWV\Desktop\archive.pst
[2011/11/03 11:01:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/11/03 09:05:23 | 000,000,990 | ---- | M] () -- C:\Users\DSJWV\Desktop\TSHP1.lnk
[2011/11/03 08:56:59 | 000,001,113 | ---- | M] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/02 18:27:41 | 000,015,200 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/11/02 18:22:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/11/02 09:25:57 | 000,009,449 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/02 09:16:27 | 000,000,871 | ---- | M] () -- C:\Windows\QIII.INI
[2011/11/01 22:58:11 | 000,001,417 | ---- | M] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/01 22:58:10 | 000,000,901 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/11/01 20:51:31 | 000,025,608 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/01 19:47:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/11/01 19:42:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

jimvski, Nov 11, 2011

#14
jimvski Newcomer, in training

Rest of Logs...

========== Files Created - No Company Name ==========

[2011/11/11 19:19:13 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR.dat
[2011/11/11 18:24:05 | 000,139,264 | ---- | C] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
[2011/11/11 18:09:17 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR2.dat
[2011/11/11 15:31:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/11 15:31:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/11 15:31:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/11 15:31:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/11 15:31:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/11 15:28:08 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR1.dat
[2011/11/11 15:11:05 | 288,998,555 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/11 14:40:25 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/10 12:39:45 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
[2011/11/10 12:33:44 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/11/09 23:37:07 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin.old
[2011/11/09 23:37:07 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin.old
[2011/11/09 16:20:45 | 000,000,000 | ---- | C] () -- C:\Windows\3942918086
[2011/11/08 11:00:53 | 111,756,288 | ---- | C] () -- C:\Users\DSJWV\Desktop\archive.pst
[2011/11/08 11:00:45 | 229,843,968 | ---- | C] () -- C:\Users\DSJWV\Desktop\Outlook.pst
[2011/11/03 11:01:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/11/02 23:47:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/02 23:47:29 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/11/02 23:47:08 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/11/02 23:47:08 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/11/02 18:49:09 | 000,000,457 | ---- | C] () -- C:\Windows\System32\vcredist_x86.bat
[2011/11/02 18:22:40 | 000,051,636 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/11/02 18:22:38 | 000,189,494 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
[2011/11/02 18:22:38 | 000,178,349 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
[2011/11/02 18:22:38 | 000,165,337 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
[2011/11/02 18:22:38 | 000,139,851 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
[2011/11/02 18:22:38 | 000,136,343 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
[2011/11/02 18:22:38 | 000,133,688 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
[2011/11/02 18:22:38 | 000,125,500 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
[2011/11/02 18:22:38 | 000,123,172 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
[2011/11/02 18:22:38 | 000,122,869 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
[2011/11/02 18:22:38 | 000,122,651 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
[2011/11/02 18:22:38 | 000,121,115 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
[2011/11/02 18:22:38 | 000,120,742 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
[2011/11/02 18:22:38 | 000,120,308 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
[2011/11/02 18:22:38 | 000,119,558 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
[2011/11/02 18:22:38 | 000,119,528 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
[2011/11/02 18:22:38 | 000,119,302 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
[2011/11/02 18:22:38 | 000,119,009 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
[2011/11/02 18:22:38 | 000,118,687 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
[2011/11/02 18:22:38 | 000,118,639 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
[2011/11/02 18:22:38 | 000,118,351 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
[2011/11/02 18:22:38 | 000,118,000 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
[2011/11/02 18:22:38 | 000,114,794 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
[2011/11/02 18:22:38 | 000,114,314 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
[2011/11/02 18:22:38 | 000,114,203 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
[2011/11/02 18:22:38 | 000,103,986 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
[2011/11/02 18:22:38 | 000,102,825 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
[2011/11/02 18:22:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/11/02 14:25:32 | 000,007,603 | ---- | C] () -- C:\Users\DSJWV\AppData\Local\resmon.resmoncfg
[2011/11/02 09:12:14 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI
[2011/11/02 08:40:06 | 000,002,040 | RHS- | C] () -- C:\Users\DSJWV\ntuser.pol
[2011/11/01 22:41:14 | 000,009,449 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/01 22:33:04 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
[2011/11/01 22:33:04 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/11/01 22:33:04 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/11/01 22:33:04 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/11/01 22:33:04 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2011/11/01 22:33:04 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2011/11/01 22:33:04 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2011/11/01 22:33:04 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/11/01 22:33:04 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
[2011/11/01 22:33:03 | 000,110,156 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2011/11/01 22:33:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/11/01 22:32:57 | 000,012,952 | ---- | C] () -- C:\Windows\System32\drivers\tcm.sys
[2011/11/01 22:32:57 | 000,003,313 | ---- | C] () -- C:\Windows\System32\e1y6232.din
[2011/11/01 22:27:32 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/11/01 20:51:31 | 000,025,608 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/01 20:45:14 | 000,000,290 | ---- | C] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/01 20:45:14 | 000,000,272 | ---- | C] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/01 20:01:24 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin
[2011/11/01 20:01:24 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin
[2011/11/01 20:00:05 | 000,015,200 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/11/01 19:47:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2011/11/01 19:42:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2011/11/01 19:38:00 | 1572,798,464 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,718,014 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,136,230 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/05/24 10:14:02 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
[2007/05/24 10:13:48 | 000,106,584 | ---- | C] () -- C:\Windows\System32\fwnetcfg.dll
[2002/10/03 13:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini
[2001/09/19 15:16:22 | 000,051,712 | ---- | C] () -- C:\Windows\System32\JinPanel.dll

========== LOP Check ==========

[2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InfraRecorder
[2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ICAClient
[2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\InfraRecorder
[2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ICAClient
[2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\InfraRecorder
[2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\ICAClient
[2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\InfraRecorder
[2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\DSJWV\AppData\Roaming\ICAClient
[2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\DSJWV\AppData\Roaming\InfraRecorder
[2011/11/11 15:44:37 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/02/08 17:58:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/20 03:40:08 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/11/11 18:59:59 | 000,021,528 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/11/11 17:51:38 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 11:41:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/10 11:41:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/18 18:05:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/11 17:51:46 | 2097,065,984 | -HS- | M] () -- C:\pagefile.sys
[2011/11/01 19:48:25 | 000,000,187 | ---- | M] () -- C:\setup.log

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/09/20 15:43:48 | 000,081,224 | ---- | M] (Microsoft Corporation.) -- C:\Windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2010/11/20 03:21:38 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/01 22:58:11 | 000,000,221 | -HS- | M] () -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/11 15:07:56 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
[2011/11/11 08:34:00 | 072,025,120 | ---- | M] (Dell Inc.) -- C:\Users\DSJWV\Desktop\CMSetup.exe
[2011/11/11 15:31:22 | 004,290,913 | R--- | M] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
[2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
[2004/01/30 13:24:42 | 000,471,040 | ---- | M] (IRI) -- C:\Users\DSJWV\Desktop\StandardQuery.exe
[2011/11/11 18:24:08 | 000,139,264 | ---- | M] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
[2011/11/09 11:33:07 | 000,548,376 | ---- | M] (Microsoft Corporation) -- C:\Users\DSJWV\Desktop\VS90sp1-KB945140-ENU.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/11 13:19:40 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/11/11 13:19:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/11/11 11:49:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/11/11 11:49:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/11 13:19:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/11/03 01:06:26 | 000,000,402 | -HS- | M] () -- C:\Users\DSJWV\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/02 09:25:57 | 000,009,449 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Extras.Txt:

OTL Extras logfile created on: 11/11/2011 7:29:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DSJWV\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 53.25% Memory free
3.91 Gb Paging File | 2.92 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
Drive E: | 490.73 Mb Total Space | 425.53 Mb Free Space | 86.71% Space Free | Partition Type: FAT

Computer Name: CHIGYVG4L1L | User Name: DSJWV | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 SP1 Management Studio
"{057f6911-35fd-4c8d-883f-11b8814480c9}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 SP1 Management Studio
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{20612488-5719-4593-B6EB-EFB51756532B}" = Attachmate Reflection Multi-Host, Standard 14.0.5826
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{37FC45D0-8F43-44D5-A298-F4BDE8EBA3F2}" = WinZip
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{539DC5DE-9F3F-4AE4-8085-5E902D5DC75B}" = InfraRecorder 0.5
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C7A6B436-2B89-497E-8DA0-E92B53ED52EE}" = JInitiator
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3CF1394-F93A-449E-BE06-489E9278F5A6}" = VirusScan Enterprise Client
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4616B4B-700B-46D9-9F3B-46B986B49B36}" = X7Magic Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"757814832EF420BB8813DC68391D9A6DFF9E5FE9" = Windows Driver Package - Broadcom (BCM43XX) Net (01/21/2010 5.60.48.35)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Macromedia Authorware Web Player" = Macromedia Authorware Web Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
it could not be resolved.

Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipinternal.Symphonyiri.com because
it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipinternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipinternal.Symphonyiri.com because
it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
it could not be resolved.

Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
it could not be resolved.

[ System Events ]
Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->f bit category 6

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->ookup failed (19)

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->f bit category 6

Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->ookup failed (19)

Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->f bit category 6

< End of report >

jimvski, Nov 11, 2011

#15

Broni Malware Annihilator

I don't see any AV program running.

Please install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
Update, run full scan, report on any findings.

====================================================================

Are you familiar with infores.com?

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

=====================================================================

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- -- (myAgtSvc)
DRV - [2009/08/06 08:50:06 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/10 12:25:22 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
[2011/11/01 22:58:49 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
[2011/11/01 22:58:49 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
[2011/11/01 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/11/01 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\McAfee
[2011/11/01 20:35:41 | 000,055,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2011/11/01 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Broni, Nov 11, 2011

#16

jimvski Newcomer, in training

Avast results...

OK, Avast found some threats.

C:\Qoobox\Quarantine\C\Windows\$NtuninstallKB15667$\1813779170.vir (Incorrect function)
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\blbdrive.sys.vir - Win32:Alureon - AJI [Rtk]
C:\Users\DSJWV\Documents\Music\Ciccone Youth\The Whitey Album\02-(Silence).mp3 - WMA:Wimad [Drp]

Should I do anything (Move to Chest,delete, etc) or just do the rest of the steps you sent?

Thanks,
Jim

jimvski, Nov 11, 2011

#17
Broni Malware Annihilator

First two are already quarantined by Combofix and the third one......P2P user?
Delete all three.

Go on....

Broni, Nov 11, 2011

#18
jimvski Newcomer, in training

Think it's looking pretty good.

Alright. First to answer your questions. infores.com is my employer's corporate domain so that should be OK. As far as P2P, I rarely use it and when I do I scan all files that come down. I suspect that file was in a group of MP3's that a friend gave me when we did a swap of some music.

Avast still found one file saying it couldn't be scanned.

C:\Qoobox\Quarantine\C\Windows\$NtuninstallKB15667$\1813779170.vir (Incorrect function)

I suspect because it's a locked file - is it OK to delete ALL .vir files (I see several) in that Qoobox dir? I think I can use Malwarebytes to delete them with the locked file utility.

I got BSOD a couple times on reboots but seems OK now. Java update scheduler keeps shutting down too but I'll reinstall if all viruses are gone.

ESET found nothing so no logs but my other logs are posted below:

OTL:
All processes killed
========== OTL ==========
Service myAgtSvc stopped successfully!
Service myAgtSvc deleted successfully!
Service mfetdik stopped successfully!
Service mfetdik deleted successfully!
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ not found.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ deleted successfully.
C:\Windows\System32\MfeOtlkAddin.dll moved successfully.
C:\Windows\System32\MFEOtlk.dll moved successfully.
C:\Program Files\Common Files\McAfee\SystemCore folder moved successfully.
C:\Program Files\Common Files\McAfee folder moved successfully.
C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB\Support DLL\DebugTraceFiles folder moved successfully.
C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB\Support DLL folder moved successfully.
C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB folder moved successfully.
C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework folder moved successfully.
C:\Users\DSJWV\AppData\Roaming\McAfee folder moved successfully.
File C:\Windows\System32\drivers\mfetdik.sys not found.
C:\Windows\System32\bcm72CC.tmp deleted successfully.
C:\Windows\System32\bcm736A.tmp deleted successfully.
C:\Windows\System32\bcm7850.tmp deleted successfully.
C:\Windows\System32\bcm791D.tmp deleted successfully.
C:\Windows\System32\bcm79BB.tmp deleted successfully.
C:\Windows\System32\bcm7BA0.tmp deleted successfully.
C:\Windows\System32\bcm7F9C.tmp deleted successfully.
C:\Windows\System32\bcmCB2E.tmp deleted successfully.
C:\Windows\bcm6289.tmp deleted successfully.
C:\Windows\CIO857E.tmp deleted successfully.
C:\Windows\System32\drivers\bcm7DB5.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: DSJWV
->Temp folder emptied: 50089614 bytes
->Temporary Internet Files folder emptied: 3823132 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 1313 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1514352 bytes
RecycleBin emptied: 910112 bytes

Total Files Cleaned = 54.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: DSJWV
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser

User: Public

User: User

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11122011_005102

Files\Folders moved on Reboot...
C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYBZBAQ5\net[1].htm moved successfully.
C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYBZBAQ5\partner[1].htm moved successfully.
C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARC8K1AV\partner[1].htm moved successfully.
C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARC8K1AV\topic173282[1].html moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Security Check log:

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
VirusScan Enterprise Client
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

jimvski, Nov 12, 2011

#19
Broni Malware Annihilator
C:\Qoobox\Quarantine\C\Windows\$NtuninstallKB15667$\1813779170.vir (Incorrect function)

The above has been quarantined by Combofix and it'll be removed in our last steps.

Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
Broni, Nov 12, 2011

#20

(You must log in or sign up to reply here.)

Page 1 of 2

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved