TechSpot

Virus removed, working Network Connection but no DNS/Internet

By jimvski
Nov 11, 2011
  1. Hi all, I'm hoping someone can help me here. I've been working on this for 2 days now and I'm very close to having it working but can't get the last piece.

    I'm using a Dell Laptop with Windows 7. I was hit with a Google redirect virus the other day. I used Malwarebytes/safe mode several times to remove it. There's a snippet of that log below.

    Now that I think I have it removed, I've been jumping through hoops to try to get the internet working again. Several things were broken but I think I've gotten most of them working (ipconfig, netsh commands, etc.). Now I'm down to the point where I can connect to my router but I can't get to the internet by DNS names. If I use an IP address it seems to work OK. nslookup also seems to respond with the proper names/IP. This is my work PC so it is behind a CheckPoint Securemote VPN and had McAfee (useless) running when I was infected. There's a very similar issue here: http://www.techspot.com/vb/topic160312.html I've tried all the networking commands in that post with no success. ANY help would be greatly appreciated. Thanks in advance.


    Here's my FIRST Malwarebytes log...

    Files Infected:
    c:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
    c:\Users\DSJWV\AppData\Local\c62704eb\U\80000000.@ (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\DSJWV\AppData\Local\c62704eb\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.
    c:\Users\DSJWV\AppData\Local\c62704eb\U\800000cf.@ (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Windows\assembly\GAC_MSIL\Desktop.ini (Trojan.Agent) -> Delete on reboot.
    c:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.


    Here's the latest MALWAREBYTES log (shows clean):

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    11/11/2011 12:36:02 AM
    mbam-log-2011-11-11 (00-36-02).txt

    Scan type: Quick scan
    Objects scanned: 207739
    Time elapsed: 3 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    MY GMER LOG:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-11 00:39:30
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-75ZCT2 rev.11.01A11
    Running: jx0l5g9i.exe; Driver: C:\Users\DSJWV\AppData\Local\Temp\kxtcrpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----


    My DDS Logs are in the next post....
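The symptom described in the post above (nslookup answers, IP addresses work, but the browser cannot reach anything by name) usually points at the local resolution path rather than at the network: nslookup sends its own queries straight to the DNS server, whereas applications go through the hosts file, the DNS Client service, the Winsock provider chain and then any configured proxy. The PowerShell script below is an added diagnostic for exactly that comparison; it is not something the poster ran and is not TechSpot's or Malwarebytes' code. It reads the same WinINET proxy values that the DDS log lists under "uInternet Settings", and the hostname www.example.com is a constructed sample.

```powershell
# Added diagnostic (not from the original post): walks the Windows name-resolution
# path step by step and compares the resolver applications use against a direct
# nslookup query. Run from an elevated PowerShell prompt on the affected machine.
# $TestName is a constructed sample hostname; any public name will do.
param(
    [string]$TestName = 'www.example.com'
)

function Show-Section([string]$Title) {
    Write-Host ''
    Write-Host "== $Title ==" -ForegroundColor Cyan
}

# 1. DNS Client service: if Dnscache is stopped or disabled, GetHostAddresses
#    fails for every program while nslookup (which bypasses it) still works.
Show-Section 'DNS Client service (Dnscache)'
Get-WmiObject Win32_Service -Filter "Name='Dnscache'" |
    Select-Object Name, State, StartMode | Format-Table -AutoSize | Out-String

# 2. DNS servers actually assigned to the enabled adapters.
Show-Section 'DNS servers per adapter'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    ForEach-Object {
        '{0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', ')
    }

# 3. Hosts file: any live (non-comment) entry overrides DNS for that name.
Show-Section 'Hosts file entries'
$hostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsLines = Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }
if ($hostsLines) { $hostsLines } else { '(no active entries)' }

# 4. Winsock catalog: layered or name-space providers sit between applications
#    and the resolver; an entry whose DLL is gone breaks resolution for all of them.
Show-Section 'Winsock providers (description / DLL path)'
netsh winsock show catalog | Select-String 'Description|Provider Path'

# 5. WinINET proxy settings. A proxy reachable only over the corporate VPN makes
#    browser requests fail off-VPN even when the resolver itself is healthy.
Show-Section 'WinINET proxy settings (current user)'
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
'ProxyEnable   : {0}' -f $inet.ProxyEnable
'ProxyServer   : {0}' -f $inet.ProxyServer
'AutoConfigURL : {0}' -f $inet.AutoConfigURL

# 6. Resolve the test name both ways and compare.
Show-Section "Resolver comparison for $TestName"
$viaResolver = @()
try {
    $viaResolver = [System.Net.Dns]::GetHostAddresses($TestName) |
        ForEach-Object { $_.IPAddressToString }
    'Windows resolver : {0}' -f ($viaResolver -join ', ')
} catch {
    'Windows resolver : FAILED ({0})' -f $_.Exception.Message
}
# nslookup prints the server's own "Address:" line first; skip it and keep the
# first address listed for the queried name.
$viaNslookup = nslookup $TestName 2>&1 |
    Select-String '^Address(es)?:\s+(\S+)' |
    Select-Object -Skip 1 |
    ForEach-Object { $_.Matches[0].Groups[2].Value }
'nslookup (direct) : {0}' -f ($viaNslookup -join ', ')

if ($viaNslookup -and -not $viaResolver) {
    Write-Host 'Server answers but the local resolver does not: review steps 1, 3 and 4.' -ForegroundColor Yellow
}
```

If step 6 shows the same addresses on both lines, name resolution is fine and the browser failure lies downstream, which is where step 5 matters: a ProxyEnable of 1 with a server that is only reachable inside the work network will fail off-VPN for every name that is not covered by ProxyOverride.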
     
  2. jimvski

    jimvski TS Rookie Topic Starter

    Here's my DDS Logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by DSJWV at 0:43:53 on 2011-11-11
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1267 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Microsoft Office Communicator\communicator.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
    uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    uInternet Settings,ProxyServer = Proxy.infores.com:8080
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: citi.com\creditcards
    Trusted Zone: infores.com\cpgndev2
    Trusted Zone: infores.com\cpgnprod
    Trusted Zone: infores.com\iriteams
    Trusted Zone: infores.com\pricesim
    Trusted Zone: infores.com\pricesimp
    Trusted Zone: verizon.net\mailbox
    Trusted Zone: verizon.net\webmail
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5}\64C69756273723 : DhcpNameServer = 10.0.0.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli CPNP
    mASetup: {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} - msiexec /fmous {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} /qn
    mASetup: {B104C813-FB09-4B7B-B675-5EF0C176AF66} - msiexec /fu {B104C813-FB09-4B7B-B675-5EF0C176AF66} /qn
    mASetup: Citrix_ICA_Client_11.2.0.31560_ENG - Msiexec /fu {0BCA9EFD-F2D6-4638-B053-8693BA0404BE} /qn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2011-11-2 81920]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
    R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-11-1 33832]
    R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-11-1 127488]
    S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 myAgtSvc;McAfee Virus and Spyware Protection Service;"c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe" /servicestart --> c:\program files\mcafee\managed virusscan\agent\myAgtSvc.Exe [?]
    S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-11-10 223960]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-11-1 47104]
    S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-11-1 49152]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-11-1 38400]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2011-11-1 12952]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-2 52224]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-2 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-11-11 05:20:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-10 17:39:45 266440 ----a-w- c:\windows\system32\PROUnstl.exe
    2011-11-10 17:39:25 62144 ----a-w- c:\windows\system32\NicInstY.dll
    2011-11-10 17:39:25 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
    2011-11-10 17:35:08 -------- d-----w- c:\program files\Cisco
    2011-11-10 17:33:44 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2011-11-10 17:33:44 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
    2011-11-10 17:33:44 52224 ----a-w- c:\windows\system32\wltrynt.dll
    2011-11-10 17:33:44 4517888 ----a-w- c:\windows\system32\bcmttls.dll
    2011-11-10 17:33:44 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
    2011-11-10 17:33:43 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
    2011-11-10 17:33:40 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
    2011-11-10 17:33:40 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2011-11-10 16:24:29 -------- d-----w- c:\program files\CCleaner
    2011-11-10 15:35:26 388096 ----a-w- c:\windows\system32\drivers\csc.sys
    2011-11-10 08:10:22 -------- d-----w- c:\windows\system32\BestPractices
    2011-11-10 07:38:51 -------- d-----w- C:\inetpub
    2011-11-10 04:30:47 23 ----a-w- c:\windows\CIO857E.tmp
    2011-11-10 04:11:39 20568 ----a-w- c:\windows\erase_SR.exe
    2011-11-10 01:35:30 24550 ----a-w- c:\windows\bcm6289.tmp
    2011-11-09 19:53:13 -------- d-----w- c:\users\dsjwv\appdata\roaming\Malwarebytes
    2011-11-09 19:53:08 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-09 19:53:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-09 19:37:05 6146896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-11-09 19:36:59 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{527dcb8f-9adc-4dfc-80fe-4720fbba5faf}\mpengine.dll
    2011-11-09 18:31:33 -------- d-----w- c:\programdata\!SASCORE
    2011-11-09 18:31:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-09 18:19:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-09 16:16:56 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 16:16:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 16:16:48 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 16:15:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-09 15:31:35 -------- d-----w- c:\program files\MSDN
    2011-11-09 15:25:03 -------- d-----w- c:\program files\Microsoft Device Emulator
    2011-11-09 15:24:05 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
    2011-11-09 15:15:05 -------- d-----w- c:\programdata\PreEmptive Solutions
    2011-11-09 15:04:04 -------- d-----w- c:\program files\HTML Help Workshop
    2011-11-09 15:04:04 -------- d-----w- c:\program files\common files\Merge Modules
    2011-11-09 15:04:04 -------- d-----w- c:\program files\CE Remote Tools
    2011-11-09 15:02:24 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2011-11-09 15:00:19 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll
    2011-11-09 15:00:19 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll
    2011-11-09 15:00:19 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll
    2011-11-09 15:00:19 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll
    2011-11-09 15:00:19 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll
    2011-11-09 15:00:19 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll
    2011-11-09 15:00:19 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll
    2011-11-09 15:00:19 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll
    2011-11-09 15:00:19 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll
    2011-11-09 15:00:19 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe
    2011-11-03 15:59:50 -------- d-----w- c:\windows\WindowsMobile
    2011-11-03 12:49:49 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-11-03 12:49:48 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-11-03 12:49:47 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-11-03 12:49:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-11-03 12:49:44 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-11-03 12:49:42 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-11-03 12:49:41 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-11-03 12:49:40 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-11-03 12:49:39 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-11-03 05:30:32 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-11-03 05:28:07 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-11-03 05:28:07 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-11-03 05:28:07 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-11-03 05:28:07 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-11-03 05:28:07 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-11-03 05:28:07 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-11-03 05:28:07 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-11-03 05:28:07 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-11-03 05:28:07 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-11-03 05:11:14 -------- d-----w- c:\windows\system32\SPReview
    2011-11-03 05:11:05 -------- d-----w- c:\users\dsjwv\appdata\local\Microsoft Games
    2011-11-03 04:44:22 -------- d-----w- c:\windows\system32\EventProviders
    2011-11-03 03:59:55 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-11-03 03:58:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-11-03 03:58:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-11-03 03:58:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-11-03 03:58:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-11-03 03:58:15 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-03 03:58:05 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-03 03:58:04 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-03 03:58:04 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-03 03:56:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 03:56:28 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-11-03 03:56:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-11-03 03:56:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-11-03 03:56:20 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-11-03 03:56:11 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-11-03 03:56:10 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-11-03 03:56:04 2616320 ----a-w- c:\windows\explorer.exe
    2011-11-03 03:56:00 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-11-03 03:48:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-11-03 02:35:49 -------- d-----w- c:\users\dsjwv\appdata\local\Apps
    2011-11-02 23:48:24 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2011-11-02 23:19:37 527360 ------w- c:\windows\system32\stapi32.dll
    2011-11-02 23:19:12 61440 ----a-w- c:\windows\system32\aestaren.dll
    2011-11-02 23:19:12 380928 ----a-w- c:\windows\system32\aestecap.dll
    2011-11-02 23:19:12 140288 ----a-w- c:\windows\system32\aestacap.dll
    2011-11-02 23:19:11 3354624 ----a-w- c:\windows\system32\stlang.dll
    2011-11-02 23:19:11 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
    2011-11-02 23:18:33 945664 ----a-w- c:\windows\system32\stapo.dll
    2011-11-02 23:18:33 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
    2011-11-02 23:18:33 405504 ----a-w- c:\windows\system32\stcplx.dll
    2011-11-02 23:18:33 175616 ----a-w- c:\windows\system32\st326274.dll
    2011-11-02 19:37:57 -------- d-----w- c:\programdata\Attachmate
    2011-11-02 19:37:49 -------- d-----w- c:\program files\Attachmate
    2011-11-02 19:37:49 -------- d-----w- C:\DesktopFolder
    2011-11-02 19:35:53 -------- d-----w- c:\windows\Downloaded Installations
    2011-11-02 19:27:53 -------- d-----w- C:\drvrtmp
    2011-11-02 19:27:43 -------- d-----w- C:\dell
    2011-11-02 19:13:23 -------- d-----w- c:\users\dsjwv\appdata\local\ElevatedDiagnostics
    2011-11-02 18:55:04 -------- d-----w- c:\program files\Microsoft Games
    2011-11-02 16:32:05 -------- d-----w- c:\users\dsjwv\appdata\local\Microsoft_Corporation
    2011-11-02 16:26:07 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-11-02 16:26:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-02 16:25:59 -------- d-----w- c:\windows\system32\1033
    2011-11-02 16:22:51 -------- d-----w- c:\program files\Microsoft SQL Server
    2011-11-02 14:55:35 -------- d-----w- c:\windows\pss
    2011-11-02 14:31:16 86016 ----a-w- c:\windows\unvise32.exe
    2011-11-02 14:12:41 -------- d-----w- c:\program files\Quake III Arena
    2011-11-02 14:12:20 327168 ----a-w- c:\windows\IsUninst.exe
    2011-11-02 03:58:49 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
    2011-11-02 03:58:49 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
    2011-11-02 03:57:41 -------- d-----w- c:\program files\common files\McAfee
    2011-11-02 03:56:27 -------- d-----w- c:\users\dsjwv\appdata\roaming\McAfee
    2011-11-02 03:36:20 33832 ----a-r- c:\windows\system32\drivers\cvusbdrv.sys
    2011-11-02 03:33:04 982240 ----a-w- c:\windows\system32\igkrng500.bin
    2011-11-02 03:33:04 92356 ----a-w- c:\windows\system32\igfcg500m.bin
    2011-11-02 03:33:04 828928 ----a-w- c:\windows\system32\igfxress.dll
    2011-11-02 03:33:04 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
    2011-11-02 03:33:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-11-02 03:33:04 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
    2011-11-02 03:33:04 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
    2011-11-02 03:33:04 127488 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
    2011-11-02 03:33:03 95232 ----a-w- c:\windows\system32\hccutils.dll
    2011-11-02 03:33:03 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-11-02 03:32:57 28792 ----a-w- c:\windows\system32\NicCo36.dll
    2011-11-02 03:32:57 12952 ----a-w- c:\windows\system32\drivers\tcm.sys
    2011-11-02 03:32:57 121440 ----a-w- c:\windows\system32\e1000msg.dll
    2011-11-02 03:32:56 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2011-11-02 03:32:43 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys
    2011-11-02 03:32:42 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
    2011-11-02 03:32:36 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2011-11-02 03:27:32 -------- d-sh--w- C:\Boot
    2011-11-02 01:51:56 -------- d-----w- c:\windows\dell
    2011-11-02 01:51:11 -------- d-----w- C:\SymphonyRPM
    2011-11-02 01:51:08 -------- d-----w- c:\program files\Information Resources
    2011-11-02 01:51:08 -------- d-----w- C:\AS_Install
    2011-11-02 01:36:34 -------- d-----w- C:\SvcTools
    2011-11-02 01:35:41 55304 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2011-11-02 01:35:01 -------- d-----w- c:\program files\McAfee
    2011-11-02 01:34:44 -------- d-----w- c:\windows\system32\Adobe
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-11-02 01:03:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-11-02 01:01:24 2516 ----a-w- c:\windows\system32\drivers\default.bin
    2011-11-02 01:01:24 2516 ----a-w- c:\windows\system32\default.bin
    2011-11-02 01:00:52 -------- d-----w- c:\program files\CheckPoint
    2011-11-02 00:48:03 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
    2011-11-02 00:48:03 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
    2011-11-02 00:48:03 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
    2011-11-02 00:48:02 90112 ----a-w- c:\windows\system32\snymsico.dll
    2011-11-02 00:48:02 49152 ----a-w- c:\windows\system32\drivers\risdpe86.sys
    2011-11-02 00:48:02 47104 ----a-w- c:\windows\system32\drivers\rimspe86.sys
    2011-11-02 00:48:02 38400 ----a-w- c:\windows\system32\drivers\rixdpe86.sys
    2011-11-02 00:48:02 196608 ----a-w- c:\windows\system32\RiSDIcon.dll
    2011-11-02 00:48:02 188416 ----a-w- c:\windows\system32\RiMMCIcon.dll
    2011-11-02 00:48:02 172032 ----a-w- c:\windows\system32\rixdicon.dll
    2011-11-02 00:47:21 -------- d-----w- c:\program files\DellTPad
    2011-11-02 00:41:45 -------- d-----w- c:\program files\IDT
    2011-11-02 00:41:44 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2011-11-02 00:41:41 -------- d-----w- c:\windows\system32\SRSLabs
    2011-11-02 00:41:01 -------- d-----w- C:\Intel
    2011-11-01 22:47:55 -------- d-----w- C:\DellPCBackup
    .
    ==================== Find3M ====================
    .
    2011-11-03 05:06:54 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
    .
    ============= FINISH: 0:44:06.47 ===============




    AND ATTACH:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/1/2011 8:59:25 PM
    System Uptime: 11/10/2011 10:43:58 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0G866N
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 91.203 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SecuRemote Miniport
    Device ID: ROOT\CP_FW1MP\0000
    Manufacturer: Check Point
    Name: Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
    PNP Device ID: ROOT\CP_FW1MP\0000
    Service: FW1
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SecuRemote Miniport
    Device ID: ROOT\CP_FW1MP\0004
    Manufacturer: Check Point
    Name: Microsoft Virtual WiFi Miniport Adapter #2 - SecuRemote Miniport
    PNP Device ID: ROOT\CP_FW1MP\0004
    Service: FW1
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SecuRemote Miniport
    Device ID: ROOT\CP_FW1MP\0005
    Manufacturer: Check Point
    Name: Microsoft Virtual WiFi Miniport Adapter - SecuRemote Miniport
    PNP Device ID: ROOT\CP_FW1MP\0005
    Service: FW1
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82567LM Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2B8E0B4B&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82567LM Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2B8E0B4B&0&C8
    Service: e1yexpress
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&3A6DFD66&4&05
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #3
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&3A6DFD66&4&05
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Check Point Virtual Network Adapter For SecureClient
    Device ID: ROOT\NET\0000
    Manufacturer: Check Point
    Name: Check Point Virtual Network Adapter For SecureClient
    PNP Device ID: ROOT\NET\0000
    Service: VNASC
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop 6.0
    Adobe Reader 9.2
    Adobe SVG Viewer
    Apple Application Support
    Attachmate Reflection Multi-Host, Standard 14.0.5826
    CCleaner
    Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix online plug-in (Web)
    Dell Touchpad
    DW WLAN Card Utility
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IDT Audio
    InfraRecorder 0.5
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 22
    JInitiator
    Macromedia Authorware Web Player
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Communicator 2007 R2
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio Viewer 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    MSDN Library for Visual Studio 2008 - ENU
    Quake III Arena
    Quake III Arena Point Release 1.32
    QuickTime
    RICOH Media Driver ver.2.07.01.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office system 2007 (KB974234)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583)
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Management Studio
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VC Runtimes MSI
    VirusScan Enterprise Client
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 x86 Runtime Setup Package
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Windows Driver Package - Broadcom (BCM43XX) Net (01/21/2010 5.60.48.35)
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows Mobile Device Center
    WinZip
    X7Magic Setup
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/10/2011 8:15:34 PM, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Element not found.
    11/10/2011 8:15:33 PM, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 1
    11/10/2011 8:11:34 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The request is not supported.
    11/10/2011 2:29:28 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    11/10/2011 10:48:30 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    11/10/2011 10:47:06 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    11/10/2011 10:44:21 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.
    11/10/2011 10:44:21 PM, Error: Service Control Manager [7000] - The McAfee Virus and Spyware Protection Service service failed to start due to the following error: The system cannot find the file specified.
    11/10/2011 10:44:21 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain IRI_CORP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    11/10/2011 10:44:17 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
    11/10/2011 10:44:17 PM, Error: Service Control Manager [7000] - The Check Point Virtual Network Adapter - SecureClient service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/10/2011 10:43:38 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    11/10/2011 1:01:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.
    11/10/2011 1:01:44 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    I have several adapters disabled right now as I've been trying everything I can think of. Again, many thanks for any help you can provide...

    Jim
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    You're not running any AV program but we'll get back to it later when we reestablish your internet connection.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, Rkill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. jimvski

    jimvski TS Rookie Topic Starter

    I think it's fixed.

    Broni,

    Thank you very much for your response. I think I actually have it working OK now. Doing a ton of reading about DNS and the fact that nslookup worked yet ping didn't pointed me to the Windows system DNS code. I made an assumption that one of the files was corrupted, so I actually uninstalled Windows SP1 hoping that it would overwrite the system DNS files. It apparently did because I'm up and running. I reinstalled a fresh version of SP1 and all is still fine. As far as AV software - my company pushes out McAfee, which I don't put much faith in, so I'll be reinstalling Malwarebytes.

    Although it seems fixed, do you recommend doing anything else to check?

    Thanks again.
    Jim
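    Added example (not part of the thread): the reasoning in the post above relies on the fact that nslookup sends its query straight to the DNS server, while ping and every other application go through the operating system's resolver (on Windows the DNS Client service, dnsrslvr.dll, the hosts file and Winsock). The script below makes that comparison explicit: it sends a hand-built DNS A query to a server and compares the answer with what `socket.getaddrinfo` returns, so a failure on only one side points at the resolver stack rather than the network. The server address 192.0.2.53 and the hostname example.com are placeholders, and the embedded reply is a constructed sample for offline use.

```python
import random
import socket
import struct

# Constructed sample: a reply for example.com with one A record (192.0.2.1).
SAMPLE_TXID = 0x1234
SAMPLE_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # header
                b"\x07example\x03com\x00\x00\x01\x00\x01"               # question
                b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"     # answer RR
                b"\xc0\x00\x02\x01")                                   # 192.0.2.1


def build_query(name, txid):
    """Build a recursive DNS A query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, then done
            return offset + 2
        offset += 1 + length


def parse_a_records(msg, expected_txid):
    """Return the sorted IPv4 addresses in the answer section; raise on bad replies."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (unsolicited or spoofed reply)")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError("server returned RCODE %d" % rcode)
    offset = 12
    for _ in range(qdcount):           # skip the echoed question(s)
        offset = _skip_name(msg, offset) + 4
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return sorted(addrs)


def direct_lookup(name, server, timeout=3.0):
    """What nslookup does: ask the server over UDP/53, bypassing the OS resolver."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        reply, _ = s.recvfrom(4096)
    return parse_a_records(reply, txid)


def system_lookup(name):
    """What ping does: resolve through the OS resolver (cache, hosts file, Winsock)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})


def classify(direct, system):
    """direct/system are address lists, or None when that path failed."""
    if direct is None and system is None:
        return "network or server problem: neither path resolves"
    if system is None:
        return "resolver stack problem: server answers but the OS resolver fails"
    if direct is None:
        return "direct query failed but OS resolver answered (cache or hosts file?)"
    if set(direct) != set(system):
        return "mismatch: OS resolver returns different addresses than the server"
    return "consistent: both paths agree"


def compare(name, server):
    try:
        direct = direct_lookup(name, server)
    except (OSError, ValueError):
        direct = None
    try:
        system = system_lookup(name)
    except OSError:
        system = None
    return classify(direct, system)


if __name__ == "__main__":
    import sys
    print("sample reply parses to", parse_a_records(SAMPLE_REPLY, SAMPLE_TXID))
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"    # placeholder
    dns_server = sys.argv[2] if len(sys.argv) > 2 else "192.0.2.53"  # placeholder
    print(compare(host, dns_server))
```

    Run it with the hostname and the DNS server shown by `ipconfig /all`; the "resolver stack problem" verdict is the nslookup-works-but-ping-fails situation described in the post.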
     
  5. Broni


    I'd go with a checkup.
     
  6. jimvski


    NOT FIXED.... So I followed your instructions

    Trying to be on the safe side, I decided to run a few different scans. Malwarebytes came up clean, but then I ran SuperAntiSpyware and it found an infection. So, with conflicting info, I decided to follow your instructions. I ran aswMBR and it said I was infected with Win32:Alureon-AJI. I then ran Combofix per your instructions and it found RootKit.ZeroAccess. I got the BSOD a couple of times but Combofix seemed to keep going. Both logs are posted below. Seems like so far so good, but what's next???

    aswMBR Log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-11 15:13:07
    -----------------------------
    15:13:07.059 OS Version: Windows 6.1.7601 Service Pack 1
    15:13:07.059 Number of processors: 2 586 0x170A
    15:13:07.059 ComputerName: CHIGYVG4L1L UserName: DSJWV
    15:13:27.558 Initialize success
    15:13:34.344 AVAST engine defs: 11111100
    15:14:34.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:14:34.326 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    15:14:36.354 Disk 0 MBR read successfully
    15:14:36.354 Disk 0 MBR scan
    15:14:36.369 Disk 0 Windows VISTA default MBR code
    15:14:36.369 Disk 0 scanning sectors +312578048
    15:14:36.463 Disk 0 scanning C:\Windows\system32\drivers
    15:14:38.007 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
    15:14:47.789 Service scanning
    15:14:50.831 Service .blbdrive \* **LOCKED** 123
    15:14:51.689 Modules scanning
    15:15:01.314 Disk 0 trace - called modules:
    15:15:01.345 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    15:15:01.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e191a0]
    15:15:01.361 3 CLASSPNP.SYS[891ad59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85073908]
    15:15:02.733 AVAST engine scan C:\Windows
    15:15:05.011 AVAST engine scan C:\Windows\system32
    15:16:56.894 AVAST engine scan C:\Windows\system32\drivers
    15:16:58.252 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
    15:17:09.094 AVAST engine scan C:\Users\DSJWV
    15:27:12.518 AVAST engine scan C:\ProgramData
    15:27:46.682 Scan finished successfully
    15:28:08.616 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
    15:28:08.616 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"



    COMBOFIX LOG:

    ComboFix 11-11-11.06 - DSJWV 11/11/2011 15:45:32.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1279 [GMT -5:00]
    Running from: c:\users\DSJWV\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
    c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\windows\$NtUninstallKB15667$\1813779170
    c:\windows\system32\
    c:\windows\system32\c_49850.nls
    c:\windows\system32\drivers\bcm7ED0.tmp
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\oem80.inf
    c:\windows\system32\oem89.inf
    c:\windows\$NtUninstallKB15667$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 19:40 . 2011-11-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-11 16:05 . 2011-11-11 16:05 -------- d-----w- c:\users\DefaultAppPool
    2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
    2011-11-11 05:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-10 17:39 . 2011-01-28 16:19 266440 ----a-w- c:\windows\system32\PROUnstl.exe
    2011-11-10 17:39 . 2011-03-23 21:02 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
    2011-11-10 17:39 . 2009-10-11 05:26 62144 ----a-w- c:\windows\system32\NicInstY.dll
    2011-11-10 17:35 . 2011-11-10 17:35 -------- d-----w- c:\program files\Cisco
    2011-11-10 17:33 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2011-11-10 17:33 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
    2011-11-10 17:33 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcmttls.dll
    2011-11-10 17:33 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
    2011-11-10 17:33 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
    2011-11-10 17:33 . 2010-02-02 03:20 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2011-11-10 17:33 . 2010-02-02 03:20 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
    2011-11-10 16:24 . 2011-11-10 16:24 -------- d-----w- c:\program files\CCleaner
    2011-11-10 15:35 . 2011-11-10 15:34 388096 ----a-w- c:\windows\system32\drivers\csc.sys
    2011-11-10 08:10 . 2011-11-10 08:10 -------- d-----w- c:\windows\system32\BestPractices
    2011-11-10 07:38 . 2011-11-10 08:10 -------- d-----w- C:\inetpub
    2011-11-10 04:30 . 2011-11-10 04:30 23 ----a-w- c:\windows\CIO857E.tmp
    2011-11-10 04:11 . 2007-05-24 15:13 20568 ----a-w- c:\windows\erase_SR.exe
    2011-11-10 01:35 . 2011-11-10 01:36 24550 ----a-w- c:\windows\bcm6289.tmp
    2011-11-09 19:53 . 2011-11-09 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-09 19:53 . 2011-11-11 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-09 19:36 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{527DCB8F-9ADC-4DFC-80FE-4720FBBA5FAF}\mpengine.dll
    2011-11-09 18:31 . 2011-11-09 18:31 -------- d-----w- c:\programdata\!SASCORE
    2011-11-09 18:31 . 2011-11-11 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-09 18:19 . 2011-11-09 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-09 16:16 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 16:16 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 16:15 . 2011-11-09 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-09 15:31 . 2011-11-09 15:31 -------- d-----w- c:\program files\MSDN
    2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\program files\Microsoft Device Emulator
    2011-11-09 15:24 . 2011-11-09 15:24 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
    2011-11-09 15:15 . 2011-11-09 15:15 -------- d-----w- c:\programdata\PreEmptive Solutions
    2011-11-09 15:08 . 2011-11-09 15:08 -------- d-----w- c:\windows\symbols
    2011-11-09 15:04 . 2011-11-09 15:15 -------- d-----w- c:\program files\Common Files\Merge Modules
    2011-11-09 15:04 . 2011-11-09 15:10 -------- d-----w- c:\program files\HTML Help Workshop
    2011-11-09 15:04 . 2011-11-09 15:04 -------- d-----w- c:\program files\CE Remote Tools
    2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2011-11-09 15:00 . 2011-11-09 15:00 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
    2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
    2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
    2011-11-09 15:00 . 2011-11-09 15:00 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
    2011-11-09 15:00 . 2011-11-09 15:00 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
    2011-11-09 15:00 . 2011-11-09 15:00 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
    2011-11-09 15:00 . 2011-11-09 15:00 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
    2011-11-09 15:00 . 2011-11-09 15:00 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
    2011-11-09 15:00 . 2011-11-09 15:00 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
    2011-11-09 15:00 . 2011-11-09 15:00 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    2011-11-03 15:59 . 2011-11-03 16:00 -------- d-----w- c:\windows\WindowsMobile
    2011-11-03 12:49 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-11-03 12:49 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-11-03 12:49 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-11-03 12:49 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-11-03 12:49 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-11-03 12:49 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-11-03 12:49 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-11-03 12:49 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-11-03 12:49 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-11-03 12:49 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-11-03 12:26 . 2011-11-11 13:45 -------- d-----w- c:\users\User
    2011-11-03 05:30 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-11-03 05:28 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-11-03 05:28 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-11-03 05:28 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-11-03 05:28 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-11-03 05:28 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-11-03 04:46 . 2010-11-20 08:19 296448 ----a-w- c:\windows\system32\mfds.dll
    2011-11-03 04:44 . 2011-11-03 04:44 -------- d-----w- c:\windows\system32\EventProviders
    2011-11-03 04:00 . 2011-08-20 04:26 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-11-03 04:00 . 2011-08-20 04:26 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2011-11-03 04:00 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-11-03 04:00 . 2011-10-01 02:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 03:58 . 2011-07-16 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-03 03:58 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-03 03:58 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-03 03:56 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-11-03 03:56 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-11-03 03:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-11-03 03:56 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-11-03 03:56 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-11-03 03:56 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
    2011-11-03 03:48 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-11-03 03:48 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-11-03 03:48 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-11-02 23:49 . 2010-02-02 03:18 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
    2011-11-02 23:49 . 2010-02-02 03:18 1032192 ----a-w- c:\windows\system32\bcmCB2E.tmp
    2011-11-02 23:49 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcm7F9C.tmp
    2011-11-02 23:49 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcm79BB.tmp
    2011-11-02 23:49 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcm7BA0.tmp
    2011-11-02 23:49 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm7DB5.tmp
    2011-11-02 23:49 . 2010-02-02 03:20 52224 ----a-w- c:\windows\system32\bcm791D.tmp
    2011-11-02 23:49 . 2010-02-02 03:20 457 ----a-w- c:\windows\system32\bcm736A.tmp
    2011-11-02 23:49 . 2010-02-02 03:20 2682880 ----a-w- c:\windows\system32\bcm72CC.tmp
    2011-11-02 23:49 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\bcm7850.tmp
    2011-11-02 23:49 . 2011-11-02 23:49 -------- d-----w- c:\program files\Dell
    2011-11-02 23:48 . 2010-02-02 03:19 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2011-11-02 23:19 . 2010-01-27 06:28 140288 ----a-w- c:\windows\system32\aestacap.dll
    2011-11-02 23:19 . 2009-10-10 04:45 380928 ----a-w- c:\windows\system32\aestecap.dll
    2011-11-02 23:19 . 2009-03-03 05:57 61440 ----a-w- c:\windows\system32\aestaren.dll
    2011-11-02 23:19 . 2010-03-10 03:56 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
    2011-11-02 23:18 . 2010-03-10 03:56 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
    2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\programdata\Attachmate
    2011-11-02 19:37 . 2011-11-02 19:38 -------- d-----w- C:\DesktopFolder
    2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\program files\Attachmate
    2011-11-02 19:35 . 2011-11-02 19:35 -------- d-----w- c:\windows\Downloaded Installations
    2011-11-02 19:27 . 2011-11-10 17:39 -------- d-----w- C:\drvrtmp
    2011-11-02 19:27 . 2011-11-11 18:54 -------- d-----w- C:\dell
    2011-11-02 18:55 . 2011-11-02 18:55 -------- d-----w- c:\program files\Microsoft Games
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SDKs
    2011-11-02 16:26 . 2011-11-09 15:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-02 16:25 . 2011-11-09 15:06 -------- d-----w- c:\windows\system32\1033
    2011-11-02 16:22 . 2011-11-03 13:35 -------- d-----w- c:\program files\Microsoft SQL Server
    2011-11-02 14:31 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
    2011-11-02 14:12 . 2011-11-02 14:31 -------- d-----w- c:\program files\Quake III Arena
    2011-11-02 14:12 . 1998-10-02 23:00 327168 ----a-w- c:\windows\IsUninst.exe
    2011-11-02 03:58 . 2011-08-03 21:56 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
    2011-11-02 03:58 . 2011-08-03 21:56 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-09-29 03:37 . 2011-11-09 16:16 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-08-20 04:31 . 2011-11-03 04:00 981504 ----a-w- c:\windows\system32\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
    "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-05 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-05 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-05 172568]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
    "SMA8.4.0.43"="c:\svctools\8.4.0.43\bin\lnchr.exe" [2011-07-11 532480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "HideFastUserSwitching"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\0\0]
    "Script"=\\infores.com\netlogon\admin.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\1\0]
    "Script"=\\infores.com\NETLOGON\logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\2\0]
    "Script"=\\infores.com\NETLOGON\logon.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2009-09-13 04:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-11-09 130384]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [2009-04-17 12952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1343400]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2011-11-09 81920]
    S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
    S2 SMA8.4.0.43;Software Management Agent 8.4.0.43;c:\svctools\8.4.0.43\bin\lnchr.exe [2011-07-11 532480]
    S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
    S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
    uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    uInternet Settings,ProxyServer = Proxy.infores.com:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: citi.com\creditcards
    Trusted Zone: infores.com\cpgndev2
    Trusted Zone: infores.com\cpgnprod
    Trusted Zone: infores.com\iriteams
    Trusted Zone: infores.com\pricesim
    Trusted Zone: infores.com\pricesimp
    Trusted Zone: verizon.net\mailbox
    Trusted Zone: verizon.net\webmail
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 10.0.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
    HKLM_ActiveSetup-Citrix_ICA_Client_11.2.0.31560_ENG - Msiexec
    HKLM_ActiveSetup-{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} - msiexec
    HKLM_ActiveSetup-{B104C813-FB09-4B7B-B675-5EF0C176AF66} - msiexec
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
    "ImagePath"="\*"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\program files\Dell\DW WLAN Card\bcmwltry.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-11 16:11:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-11 21:11
    .
    Pre-Run: 96,758,652,928 bytes free
    Post-Run: 96,862,679,040 bytes free
    .
    - - End Of File - - 57C0D36CFB514D4DD589E8506CE13A04
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Post fresh aswMBR log.
     
  8. jimvski

    jimvski TS Rookie Topic Starter

    aswMBR log ...

    Still showing an infection of blbdrive.sys...

    LOG:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-11 17:55:18
    -----------------------------
    17:55:18.194 OS Version: Windows 6.1.7601 Service Pack 1
    17:55:18.194 Number of processors: 2 586 0x170A
    17:55:18.194 ComputerName: CHIGYVG4L1L UserName: DSJWV
    17:55:18.740 Initialize success
    17:55:49.582 AVAST engine defs: 11111101
    17:56:07.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:56:07.568 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    17:56:09.596 Disk 0 MBR read successfully
    17:56:09.596 Disk 0 MBR scan
    17:56:09.612 Disk 0 Windows VISTA default MBR code
    17:56:09.612 Disk 0 scanning sectors +312578048
    17:56:09.706 Disk 0 scanning C:\Windows\system32\drivers
    17:56:11.203 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
    17:56:20.906 Service scanning
    17:56:22.638 Service .blbdrive \* **LOCKED** 123
    17:56:23.496 Modules scanning
    17:56:32.918 Disk 0 trace - called modules:
    17:56:32.950 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    17:56:32.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e1f030]
    17:56:32.950 3 CLASSPNP.SYS[891bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85948908]
    17:56:34.151 AVAST engine scan C:\Windows
    17:56:37.364 AVAST engine scan C:\Windows\system32
    17:58:30.683 AVAST engine scan C:\Windows\system32\drivers
    17:58:33.101 File: C:\Windows\system32\drivers\blbdrive.sys **INFECTED** Win32:Alureon-AJI [Rtk]
    17:58:54.317 AVAST engine scan C:\Users\DSJWV
    18:08:25.886 AVAST engine scan C:\ProgramData
    18:09:05.667 Scan finished successfully
    18:09:17.289 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
    18:09:17.304 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      blbdrive.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  10. jimvski

    jimvski TS Rookie Topic Starter

    SystemLook Output

    Here it is...

    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:25 on 11/11/2011 by DSJWV
    (Limited User)

    ========== filefind ==========

    Searching for "blbdrive.sys"
    C:\Windows\System32\drivers\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] A6B4C8894619B4BF735DB45108FB0322
    C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F
    C:\Windows\winsxs\x86_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_8d49fd7c287c0b48\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F

    -= EOF =-
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys | C:\Windows\System32\drivers\blbdrive.sys
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    Post new aswMBR log as well.
     
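The SystemLook report in post 10 and the FCopy:: script in post 11 together show the check being performed here: the loaded copy of blbdrive.sys in System32\drivers hashes differently from the identical DriverStore and WinSxS reference copies, so the reference copy is used to overwrite it. As an added example (not SystemLook's, ComboFix's or either poster's code), this Python script parses a filefind report, flags any driver whose live copy disagrees with its reference copies, and renders the matching FCopy:: line; the embedded report is constructed from the output in this thread, and the live/reference path classification is the script's own assumption rather than a SystemLook feature.

```python
import re
from collections import defaultdict

# Constructed sample input: the SystemLook filefind output posted in this thread.
SAMPLE_REPORT = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 18:25 on 11/11/2011 by DSJWV
(Limited User)

========== filefind ==========

Searching for "blbdrive.sys"
C:\Windows\System32\drivers\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] A6B4C8894619B4BF735DB45108FB0322
C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F
C:\Windows\winsxs\x86_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_8d49fd7c287c0b48\blbdrive.sys --a---- 35328 bytes [23:23 13/07/2009] [23:23 13/07/2009] 2287078ED48FCFC477B05B20CF38F36F

-= EOF =-
"""

# One SystemLook filefind result line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]*)\] \[(?P<modified>[^\]]*)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(report):
    """Return one dict per result line in a SystemLook ':filefind' report."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
            entries.append(d)
    return entries


def copy_kind(path):
    """Classify a path (assumption of this script): the copy Windows loads vs. a pristine reference copy."""
    p = path.lower()
    if "\\driverstore\\" in p or "\\winsxs\\" in p:
        return "reference"
    if "\\system32\\drivers\\" in p:
        return "live"
    return "other"


def find_tampered(entries):
    """Flag every driver whose live copy's MD5 differs from its reference copies.

    Each finding names the live path/MD5 and the reference path to restore from
    (DriverStore preferred, as in the CFScript in this thread). When the reference
    copies disagree with each other, the result is marked inconclusive instead.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for name, group in by_name.items():
        live = [e for e in group if copy_kind(e["path"]) == "live"]
        refs = [e for e in group if copy_kind(e["path"]) == "reference"]
        if not live or not refs:
            continue  # nothing to compare against
        ref_hashes = {r["md5"] for r in refs}
        if len(ref_hashes) > 1:
            findings.append({"name": name, "status": "inconclusive",
                             "reason": "reference copies disagree with each other"})
            continue
        # DriverStore copy sorts first (False < True), so it becomes the restore source.
        refs.sort(key=lambda r: "\\driverstore\\" not in r["path"].lower())
        for lv in live:
            if lv["md5"] not in ref_hashes:
                findings.append({
                    "name": name, "status": "mismatch",
                    "live_path": lv["path"], "live_md5": lv["md5"],
                    "ref_path": refs[0]["path"], "ref_md5": refs[0]["md5"],
                    "size_differs": lv["size"] != refs[0]["size"],
                })
    return findings


def fcopy_script(findings):
    """Render the mismatches as a ComboFix CFScript 'FCopy::' section (source | destination)."""
    lines = ["FCopy::"]
    for f in findings:
        if f["status"] == "mismatch":
            lines.append(f"{f['ref_path']} | {f['live_path']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_tampered(parse_filefind(SAMPLE_REPORT))
    for f in found:
        print(f)
    print(fcopy_script(found))
```

Note that identical size and timestamps (as in the report above) are no evidence of integrity; only the hash comparison against the reference copies catches the replaced driver.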
  12. jimvski

    jimvski TS Rookie Topic Starter

    New ComboFix & aswMBR logs...

    Didn't ask for reboot. aswMBR reports service blbdrive LOCKED but nothing infected.

    ComboFix:

    ComboFix 11-11-11.06 - DSJWV 11/11/2011 18:52:53.2.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.1141 [GMT -5:00]
    Running from: c:\users\DSJWV\Desktop\ComboFix.exe
    Command switches used :: c:\users\DSJWV\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\System32\DriverStore\FileRepository\blbdrive.inf_x86_neutral_1aa816fe7dc98c3f\blbdrive.sys --> c:\windows\System32\drivers\blbdrive.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 23:57 . 2011-11-11 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 20:33 . 2011-11-10 15:34 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-11 19:40 . 2011-11-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-11 18:13 . 2011-11-11 18:13 -------- d-----w- c:\windows\system32\SPReview
    2011-11-11 16:05 . 2011-11-11 16:05 -------- d-----w- c:\users\DefaultAppPool
    2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
    2011-11-11 05:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-10 17:39 . 2011-01-28 16:19 266440 ----a-w- c:\windows\system32\PROUnstl.exe
    2011-11-10 17:39 . 2011-03-23 21:02 223960 ----a-w- c:\windows\system32\drivers\e1y6232.sys
    2011-11-10 17:39 . 2009-10-11 05:26 62144 ----a-w- c:\windows\system32\NicInstY.dll
    2011-11-10 17:35 . 2011-11-10 17:35 -------- d-----w- c:\program files\Cisco
    2011-11-10 17:33 . 2010-02-02 03:20 52224 ----a-w- c:\windows\system32\wltrynt.dll
    2011-11-10 17:33 . 2010-02-02 03:20 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2011-11-10 17:33 . 2010-02-02 03:19 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
    2011-11-10 17:33 . 2010-02-02 03:18 4517888 ----a-w- c:\windows\system32\bcmttls.dll
    2011-11-10 17:33 . 2010-02-02 03:18 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
    2011-11-10 17:33 . 2010-02-02 03:18 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
    2011-11-10 17:33 . 2010-02-02 03:20 2707448 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
    2011-11-10 17:33 . 2010-02-02 03:20 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
    2011-11-10 16:24 . 2011-11-10 16:24 -------- d-----w- c:\program files\CCleaner
    2011-11-10 15:35 . 2011-11-10 15:34 388096 ----a-w- c:\windows\system32\drivers\csc.sys
    2011-11-10 08:10 . 2011-11-10 08:10 -------- d-----w- c:\windows\system32\BestPractices
    2011-11-10 07:38 . 2011-11-10 08:10 -------- d-----w- C:\inetpub
    2011-11-10 04:30 . 2011-11-10 04:30 23 ----a-w- c:\windows\CIO857E.tmp
    2011-11-10 04:11 . 2007-05-24 15:13 20568 ----a-w- c:\windows\erase_SR.exe
    2011-11-10 01:35 . 2011-11-10 01:36 24550 ----a-w- c:\windows\bcm6289.tmp
    2011-11-09 19:53 . 2011-11-09 19:53 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-09 19:53 . 2011-11-11 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-09 19:36 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{527DCB8F-9ADC-4DFC-80FE-4720FBBA5FAF}\mpengine.dll
    2011-11-09 18:31 . 2011-11-09 18:31 -------- d-----w- c:\programdata\!SASCORE
    2011-11-09 18:31 . 2011-11-11 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-09 18:19 . 2011-11-09 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-09 16:16 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 16:16 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 16:16 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 16:15 . 2011-11-09 16:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-09 15:31 . 2011-11-09 15:31 -------- d-----w- c:\program files\MSDN
    2011-11-09 15:25 . 2011-11-09 15:25 -------- d-----w- c:\program files\Microsoft Device Emulator
    2011-11-09 15:24 . 2011-11-09 15:24 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
    2011-11-09 15:15 . 2011-11-09 15:15 -------- d-----w- c:\programdata\PreEmptive Solutions
    2011-11-09 15:08 . 2011-11-09 15:08 -------- d-----w- c:\windows\symbols
    2011-11-09 15:04 . 2011-11-09 15:15 -------- d-----w- c:\program files\Common Files\Merge Modules
    2011-11-09 15:04 . 2011-11-09 15:10 -------- d-----w- c:\program files\HTML Help Workshop
    2011-11-09 15:04 . 2011-11-09 15:04 -------- d-----w- c:\program files\CE Remote Tools
    2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\program files\Microsoft Web Designer Tools
    2011-11-09 15:00 . 2011-11-09 15:00 97296 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
    2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
    2011-11-09 15:00 . 2011-11-09 15:00 96272 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
    2011-11-09 15:00 . 2011-11-09 15:00 95248 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
    2011-11-09 15:00 . 2011-11-09 15:00 91152 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
    2011-11-09 15:00 . 2011-11-09 15:00 81424 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
    2011-11-09 15:00 . 2011-11-09 15:00 79888 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
    2011-11-09 15:00 . 2011-11-09 15:00 76304 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
    2011-11-09 15:00 . 2011-11-09 15:00 75792 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
    2011-11-09 15:00 . 2011-11-09 15:00 562688 ----a-w- c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    2011-11-03 15:59 . 2011-11-03 16:00 -------- d-----w- c:\windows\WindowsMobile
    2011-11-03 12:49 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-11-03 12:49 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-11-03 12:49 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-11-03 12:49 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-11-03 12:49 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-11-03 12:49 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-11-03 12:49 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-11-03 12:49 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-11-03 12:49 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-11-03 12:49 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-11-03 12:26 . 2011-11-11 13:45 -------- d-----w- c:\users\User
    2011-11-03 05:30 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-11-03 05:28 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-11-03 05:28 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-11-03 05:28 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-11-03 05:28 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-11-03 05:28 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-11-03 05:28 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-11-03 05:28 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-11-03 05:28 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-11-03 05:28 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-11-03 04:46 . 2010-11-20 08:19 296448 ----a-w- c:\windows\system32\mfds.dll
    2011-11-03 04:44 . 2011-11-03 04:44 -------- d-----w- c:\windows\system32\EventProviders
    2011-11-03 03:59 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-11-03 03:58 . 2011-07-16 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-11-03 03:58 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-03 03:58 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-03 03:58 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-03 03:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 03:56 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-11-03 03:56 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-11-03 03:56 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-11-03 03:56 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-11-03 03:56 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-11-03 03:56 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-11-03 03:56 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
    2011-11-03 03:56 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-11-03 03:48 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-11-03 03:48 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-11-03 03:48 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-11-02 23:48 . 2010-02-02 03:19 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2011-11-02 23:19 . 2010-03-10 03:56 527360 ------w- c:\windows\system32\stapi32.dll
    2011-11-02 23:19 . 2010-01-27 06:28 140288 ----a-w- c:\windows\system32\aestacap.dll
    2011-11-02 23:19 . 2009-10-10 04:45 380928 ----a-w- c:\windows\system32\aestecap.dll
    2011-11-02 23:19 . 2009-03-03 05:57 61440 ----a-w- c:\windows\system32\aestaren.dll
    2011-11-02 23:19 . 2010-03-10 03:56 3354624 ----a-w- c:\windows\system32\stlang.dll
    2011-11-02 23:19 . 2010-03-10 03:56 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
    2011-11-02 23:18 . 2010-03-10 03:56 945664 ----a-w- c:\windows\system32\stapo.dll
    2011-11-02 23:18 . 2010-03-10 03:56 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
    2011-11-02 23:18 . 2010-03-10 03:56 405504 ----a-w- c:\windows\system32\stcplx.dll
    2011-11-02 23:18 . 2010-03-10 03:56 175616 ----a-w- c:\windows\system32\st326274.dll
    2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\programdata\Attachmate
    2011-11-02 19:37 . 2011-11-02 19:38 -------- d-----w- C:\DesktopFolder
    2011-11-02 19:37 . 2011-11-02 19:37 -------- d-----w- c:\program files\Attachmate
    2011-11-02 19:35 . 2011-11-02 19:35 -------- d-----w- c:\windows\Downloaded Installations
    2011-11-02 19:27 . 2011-11-10 17:39 -------- d-----w- C:\drvrtmp
    2011-11-02 19:27 . 2011-11-11 18:54 -------- d-----w- C:\dell
    2011-11-02 18:55 . 2011-11-02 18:55 -------- d-----w- c:\program files\Microsoft Games
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SDKs
    2011-11-02 16:26 . 2011-11-09 15:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-11-02 16:26 . 2011-11-02 16:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-02 16:25 . 2011-11-09 15:06 -------- d-----w- c:\windows\system32\1033
    2011-11-02 16:22 . 2011-11-03 13:35 -------- d-----w- c:\program files\Microsoft SQL Server
    2011-11-02 14:31 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
    2011-11-02 14:12 . 2011-11-02 14:31 -------- d-----w- c:\program files\Quake III Arena
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 18:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
    "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-05 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-05 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-05 172568]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5249024]
    "SMA8.4.0.43"="c:\svctools\8.4.0.43\bin\lnchr.exe" [2011-07-11 532480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NCInstallQueue"="netman.dll" [2009-07-14 280576]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "HideFastUserSwitching"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\0\0]
    "Script"=\\infores.com\netlogon\admin.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\1\0]
    "Script"=\\infores.com\NETLOGON\logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1487472903-838666396-1598175747-12172\Scripts\Logon\2\0]
    "Script"=\\infores.com\NETLOGON\logon.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2009-09-13 04:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-11-09 130384]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
    R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
    R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [2009-04-17 12952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1343400]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2011-11-09 81920]
    S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
    S2 SMA8.4.0.43;Software Management Agent 8.4.0.43;c:\svctools\8.4.0.43\bin\lnchr.exe [2011-07-11 532480]
    S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
    S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-06-26 33832]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-03-23 223960]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
    uInternet Settings,ProxyOverride = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    uInternet Settings,ProxyServer = Proxy.infores.com:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: citi.com\creditcards
    Trusted Zone: infores.com\cpgndev2
    Trusted Zone: infores.com\cpgnprod
    Trusted Zone: infores.com\iriteams
    Trusted Zone: infores.com\pricesim
    Trusted Zone: infores.com\pricesimp
    Trusted Zone: verizon.net\mailbox
    Trusted Zone: verizon.net\webmail
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 10.0.0.1
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
    "ImagePath"="\*"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-11-11 18:59:59
    ComboFix-quarantined-files.txt 2011-11-11 23:59
    ComboFix2.txt 2011-11-11 21:11
    .
    Pre-Run: 96,647,892,992 bytes free
    Post-Run: 96,574,177,280 bytes free
    .
    - - End Of File - - B53F52EA843A4179C87D6E803EB7D86B


    aswMBR Log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-11 19:01:13
    -----------------------------
    19:01:13.332 OS Version: Windows 6.1.7601 Service Pack 1
    19:01:13.332 Number of processors: 2 586 0x170A
    19:01:13.332 ComputerName: CHIGYVG4L1L UserName: DSJWV
    19:01:13.846 Initialize success
    19:01:46.045 AVAST engine defs: 11111101
    19:02:04.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:02:04.562 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    19:02:06.621 Disk 0 MBR read successfully
    19:02:06.621 Disk 0 MBR scan
    19:02:06.621 Disk 0 Windows VISTA default MBR code
    19:02:06.637 Disk 0 scanning sectors +312578048
    19:02:06.777 Disk 0 scanning C:\Windows\system32\drivers
    19:02:29.070 Service scanning
    19:02:29.881 Service .blbdrive \* **LOCKED** 123
    19:02:30.552 Modules scanning
    19:02:58.850 Disk 0 trace - called modules:
    19:02:58.881 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    19:02:58.881 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e1f030]
    19:02:58.881 3 CLASSPNP.SYS[891bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85948908]
    19:03:00.145 AVAST engine scan C:\Windows
    19:03:12.531 AVAST engine scan C:\Windows\system32
    19:06:56.563 AVAST engine scan C:\Windows\system32\drivers
    19:07:10.432 AVAST engine scan C:\Users\DSJWV
    19:17:25.135 AVAST engine scan C:\ProgramData
    19:18:16.428 Scan finished successfully
    19:19:13.306 Disk 0 MBR has been saved successfully to "C:\Users\DSJWV\Desktop\MBR.dat"
    19:19:13.322 The log file has been saved successfully to "C:\Users\DSJWV\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very well :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. jimvski

    jimvski TS Rookie Topic Starter

    So far so good...

    No issues yet...

    OTL.txt:

    OTL logfile created on: 11/11/2011 7:29:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DSJWV\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.95 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 53.25% Memory free
    3.91 Gb Paging File | 2.92 Gb Available in Paging File | 74.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
    Drive E: | 490.73 Mb Total Space | 425.53 Mb Free Space | 86.71% Space Free | Partition Type: FAT

    Computer Name: CHIGYVG4L1L | User Name: DSJWV | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
    PRC - [2011/11/09 13:18:47 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe
    PRC - [2011/11/09 13:18:40 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) -- c:\SvcTools\8.4.0.43\bin\lnchr.exe
    PRC - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) -- C:\SvcTools\8.4.0.43\bin\lnchr.exe
    PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/04 16:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/09 05:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2010/07/06 21:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2010/03/09 22:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2010/02/01 22:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    PRC - [2010/02/01 22:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    PRC - [2010/02/01 22:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    PRC - [2008/12/16 23:05:00 | 005,160,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
    PRC - [2007/05/24 10:13:54 | 002,691,158 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
    PRC - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    PRC - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/11 13:21:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
    MOD - [2011/11/11 13:21:51 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
    MOD - [2011/11/11 13:21:25 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
    MOD - [2011/11/11 13:20:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (myAgtSvc)
    SRV - [2011/11/09 13:18:47 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe -- (AESTFilters)
    SRV - [2011/11/09 13:18:40 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\stacsv.exe -- (STacSV)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/11 18:49:04 | 000,532,480 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\SvcTools\8.4.0.43\bin\lnchr.exe -- (SMA8.4.0.43)
    SRV - [2010/11/20 03:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 03:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 03:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/11/02 10:34:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/01 22:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/05/24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
    SRV - [2007/05/24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/23 16:02:00 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
    DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/09 17:05:38 | 000,039,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nm3.sys -- (nm3)
    DRV - [2010/03/15 12:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2010/03/09 22:56:02 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2010/02/01 22:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/08/06 08:50:06 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WinUsb)
    DRV - [2009/07/13 18:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
    DRV - [2009/07/04 18:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/07/02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
    DRV - [2009/06/30 19:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
    DRV - [2009/06/26 11:28:04 | 000,033,832 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/04/17 03:50:16 | 000,012,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\tcm.sys -- (tcm)
    DRV - [2007/05/24 10:13:58 | 000,036,368 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\omdrv.sys -- (CP_OMDRV)
    DRV - [2007/05/24 10:13:54 | 002,234,800 | ---- | M] (Check Point Software Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\fw.sys -- (FW1)
    DRV - [2007/05/24 10:13:52 | 000,110,032 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnasc.sys -- (VNASC)
    DRV - [2007/05/24 10:13:50 | 000,673,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vpn.sys -- (VPN-1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;10.235.*.*;10.85.226.106;139.61.238.26;170.118.*.*;ard.acxiom.com;iri.cpgnetwork.co.uk;*.cpgnetwork.com;*.i.com;*.infores.com;*.iriknowledgegroup.com;*.iriworldwide.com;*.knowledgroup.com;*.symphonyrpm.com;shoppersights.symphonyiri.com;datadefense2.ironmountain.com;*efm.surveys.homescan.com;www.symphonyiri.com;70.34.34.140;*.pgimeet.com;*.mosaic-infoforce.com;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.infores.com:8080


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080



    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://o.aolcdn.com/aim/gromit/aim_express/gm/101215.6261.1.en-us/WidgetMain.html
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 DB 82 66 A3 7A CB 01 [binary data]
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 170.118.*;10.235.*;*.infores.com;127.0.01;*knowledgroup.com;*iriknowledgegroup.com;*symphonytg.com;*symphonyrpm.com;*symphonysv.com;10.85.226.106;139.61.238.26;ard.acxiom.com;*.cpgnetwork.com;*.iriworldwide.com;datadefense2.ironmountain.com;download.microsoft.com;silverlight.dlservice.microsoft.com;*.shavlik.com;crl.verisign.net;<local>
    IE - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Proxy.infores.com:8080

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/10 12:25:22 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/11/11 16:05:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SMA8.4.0.43] c:\SvcTools\8.4.0.43\bin\lnchr.exe (Dell Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
    O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infores.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5212B01F-8573-4217-A41B-6115817FB081}: DhcpNameServer = 170.118.24.149 170.118.24.135 170.118.1.42
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF0CF356-AAD1-4B98-AA3E-CD0F046703B5}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\myrm - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 19:26:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
    [2011/11/11 19:00:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/11 18:58:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/11 15:52:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\temp
    [2011/11/11 15:31:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/11 15:31:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/11 15:31:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/11 15:31:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/11 15:31:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/11 15:28:43 | 004,290,913 | R--- | C] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
    [2011/11/11 15:11:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/11/11 15:07:52 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
    [2011/11/11 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\SUPERAntiSpyware.com
    [2011/11/11 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/11 14:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/11/11 13:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point VPN-1 SecureClient
    [2011/11/11 13:13:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/11/11 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Network Monitor 3
    [2011/11/11 09:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
    [2011/11/11 09:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
    [2011/11/11 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/11 00:20:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/10 12:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
    [2011/11/10 12:34:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
    [2011/11/10 11:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/11/10 11:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/11/10 03:10:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
    [2011/11/10 02:38:51 | 000,000,000 | ---D | C] -- C:\inetpub
    [2011/11/09 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Malwarebytes
    [2011/11/09 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/09 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/09 13:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/11/09 13:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/11/09 13:19:15 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2011/11/09 10:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSDN
    [2011/11/09 10:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
    [2011/11/09 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
    [2011/11/09 10:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
    [2011/11/09 10:08:12 | 000,000,000 | ---D | C] -- C:\Windows\symbols
    [2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
    [2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
    [2011/11/09 10:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
    [2011/11/09 10:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
    [2011/11/09 09:05:47 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Desktop\Josh GV Pix
    [2011/11/03 10:59:50 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
    [2011/11/03 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft Games
    [2011/11/02 23:47:39 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    [2011/11/02 23:44:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/11/02 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Apps
    [2011/11/02 18:49:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\vs08
    [2011/11/02 18:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
    [2011/11/02 18:22:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/11/02 18:19:37 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
    [2011/11/02 18:19:11 | 012,628,060 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
    [2011/11/02 18:19:11 | 003,354,624 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
    [2011/11/02 18:18:33 | 000,945,664 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
    [2011/11/02 18:18:33 | 000,423,424 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
    [2011/11/02 18:18:33 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
    [2011/11/02 18:18:33 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st326274.dll
    [2011/11/02 14:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attachmate Reflection
    [2011/11/02 14:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Attachmate
    [2011/11/02 14:37:49 | 000,000,000 | ---D | C] -- C:\DesktopFolder
    [2011/11/02 14:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Attachmate
    [2011/11/02 14:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2011/11/02 14:27:53 | 000,000,000 | ---D | C] -- C:\drvrtmp
    [2011/11/02 14:27:43 | 000,000,000 | ---D | C] -- C:\dell
    [2011/11/02 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\ElevatedDiagnostics
    [2011/11/02 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
    [2011/11/02 12:58:55 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Backup
    [2011/11/02 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft_Corporation
    [2011/11/02 11:30:58 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Integration Services Script Component
    [2011/11/02 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Integration Services Script Task
    [2011/11/02 11:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2011/11/02 11:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2011/11/02 11:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2011/11/02 11:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/11/02 11:25:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
    [2011/11/02 11:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2011/11/02 10:37:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web
    [2011/11/02 10:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Database
    [2011/11/02 10:30:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia
    [2011/11/02 10:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Development
    [2011/11/02 10:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Messaging
    [2011/11/02 10:28:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
    [2011/11/02 09:55:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/11/02 09:31:16 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2011/11/02 09:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
    [2011/11/02 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Macromedia
    [2011/11/01 22:58:49 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
    [2011/11/01 22:58:49 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
    [2011/11/01 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2011/11/01 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\McAfee
    [2011/11/01 22:27:32 | 000,000,000 | ---D | C] -- C:\Boot
    [2011/11/01 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\dell
    [2011/11/01 20:51:11 | 000,000,000 | ---D | C] -- C:\SymphonyRPM
    [2011/11/01 20:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Information Resources
    [2011/11/01 20:51:08 | 000,000,000 | ---D | C] -- C:\AS_Install
    [2011/11/01 20:46:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Apple Computer
    [2011/11/01 20:46:26 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Outlook
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\Temporary Internet Files
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Templates
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Start Menu
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\SendTo
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Recent
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\PrintHood
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\NetHood
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Videos
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Pictures
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Documents\My Music
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\My Documents
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Local Settings
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\History
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Cookies
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\Application Data
    [2011/11/01 20:45:20 | 000,000,000 | -HSD | C] -- C:\Users\DSJWV\AppData\Local\Application Data
    [2011/11/01 20:45:13 | 000,000,000 | --SD | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Videos
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Searches
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Saved Games
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Pictures
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Music
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Links
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Favorites
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Downloads
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Documents
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Desktop
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Contacts
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/11/01 20:45:13 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/11/01 20:45:13 | 000,000,000 | -H-D | C] -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/11/01 20:45:13 | 000,000,000 | -H-D | C] -- C:\Users\DSJWV\AppData
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\WindowsUpdate
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Tracing
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Sun
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\My Meetings
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft Help
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Microsoft
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Media Center Programs
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\InfraRecorder
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Identities
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\ICAClient
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Citrix
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Apple Computer
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\Adobe
    [2011/11/01 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Local\Adobe
    [2011/11/01 20:36:34 | 000,000,000 | ---D | C] -- C:\SvcTools
    [2011/11/01 20:35:41 | 000,055,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
    [2011/11/01 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/11/01 20:34:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
    [2011/11/01 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2011/11/01 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/11/01 19:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2011/11/01 19:48:03 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
    [2011/11/01 19:48:03 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
    [2011/11/01 19:48:03 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
    [2011/11/01 19:48:02 | 000,196,608 | ---- | C] (RICOH) -- C:\Windows\System32\RiSDIcon.dll
    [2011/11/01 19:48:02 | 000,188,416 | ---- | C] (RICOH) -- C:\Windows\System32\RiMMCIcon.dll
    [2011/11/01 19:48:02 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
    [2011/11/01 19:48:02 | 000,049,152 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdpe86.sys
    [2011/11/01 19:48:02 | 000,047,104 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimspe86.sys
    [2011/11/01 19:48:02 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdpe86.sys
    [2011/11/01 19:48:02 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2011/11/01 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/11/01 19:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
    [2011/11/01 19:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
    [2011/11/01 19:41:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
    [2011/11/01 19:41:01 | 000,000,000 | ---D | C] -- C:\Intel
    [2011/11/01 19:39:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
    [2011/11/01 17:47:55 | 000,000,000 | ---D | C] -- C:\DellPCBackup
    [2011/11/01 15:52:53 | 000,000,000 | R--D | C] -- C:\Users\DSJWV\Documents\Favorites
    [2011/11/01 15:11:19 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Advanced Proxy Manager
    [2011/10/21 07:34:43 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\Documents\Music
    [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
    [2011/11/11 19:19:13 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR.dat
    [2011/11/11 18:24:08 | 000,139,264 | ---- | M] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
    [2011/11/11 18:09:17 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR2.dat
    [2011/11/11 17:59:17 | 000,718,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/11 17:59:17 | 000,136,230 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/11 17:59:13 | 000,024,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 17:59:13 | 000,024,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 17:51:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/11 17:51:46 | 288,998,555 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/11 17:51:38 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/11 16:05:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/11 15:31:22 | 004,290,913 | R--- | M] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
    [2011/11/11 15:28:08 | 000,000,512 | ---- | M] () -- C:\Users\DSJWV\Desktop\MBR1.dat
    [2011/11/11 15:07:56 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
    [2011/11/11 14:40:25 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/11 13:17:53 | 000,413,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/11/10 02:27:44 | 000,007,603 | ---- | M] () -- C:\Users\DSJWV\AppData\Local\resmon.resmoncfg
    [2011/11/09 16:20:45 | 000,000,000 | ---- | M] () -- C:\Windows\3942918086
    [2011/11/09 12:48:24 | 000,002,046 | -H-- | M] () -- C:\Users\DSJWV\Documents\Default.rdp
    [2011/11/09 08:49:48 | 000,002,040 | RHS- | M] () -- C:\Users\DSJWV\ntuser.pol
    [2011/11/08 12:19:29 | 229,843,968 | ---- | M] () -- C:\Users\DSJWV\Desktop\Outlook.pst
    [2011/11/08 12:19:29 | 111,756,288 | ---- | M] () -- C:\Users\DSJWV\Desktop\archive.pst
    [2011/11/03 11:01:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    [2011/11/03 09:05:23 | 000,000,990 | ---- | M] () -- C:\Users\DSJWV\Desktop\TSHP1.lnk
    [2011/11/03 08:56:59 | 000,001,113 | ---- | M] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011/11/02 18:27:41 | 000,015,200 | ---- | M] () -- C:\Windows\System32\results.xml
    [2011/11/02 18:22:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
    [2011/11/02 09:25:57 | 000,009,449 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/11/02 09:16:27 | 000,000,871 | ---- | M] () -- C:\Windows\QIII.INI
    [2011/11/01 22:58:11 | 000,001,417 | ---- | M] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/01 22:58:10 | 000,000,901 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2011/11/01 20:51:31 | 000,025,608 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
    [2011/11/01 19:47:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    [2011/11/01 19:42:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
    [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
  15. jimvski

    jimvski TS Rookie Topic Starter

    Rest of Logs...

    ========== Files Created - No Company Name ==========

    [2011/11/11 19:19:13 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR.dat
    [2011/11/11 18:24:05 | 000,139,264 | ---- | C] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
    [2011/11/11 18:09:17 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR2.dat
    [2011/11/11 15:31:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/11 15:31:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/11 15:31:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/11 15:31:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/11 15:31:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/11 15:28:08 | 000,000,512 | ---- | C] () -- C:\Users\DSJWV\Desktop\MBR1.dat
    [2011/11/11 15:11:05 | 288,998,555 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/11/11 14:40:25 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/10 12:39:45 | 000,001,904 | ---- | C] () -- C:\Windows\System32\SetupBD.din
    [2011/11/10 12:33:44 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2011/11/09 23:37:07 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin.old
    [2011/11/09 23:37:07 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin.old
    [2011/11/09 16:20:45 | 000,000,000 | ---- | C] () -- C:\Windows\3942918086
    [2011/11/08 11:00:53 | 111,756,288 | ---- | C] () -- C:\Users\DSJWV\Desktop\archive.pst
    [2011/11/08 11:00:45 | 229,843,968 | ---- | C] () -- C:\Users\DSJWV\Desktop\Outlook.pst
    [2011/11/03 11:01:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    [2011/11/02 23:47:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/11/02 23:47:29 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011/11/02 23:47:08 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
    [2011/11/02 23:47:08 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
    [2011/11/02 18:49:09 | 000,000,457 | ---- | C] () -- C:\Windows\System32\vcredist_x86.bat
    [2011/11/02 18:22:40 | 000,051,636 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
    [2011/11/02 18:22:38 | 000,189,494 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
    [2011/11/02 18:22:38 | 000,178,349 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
    [2011/11/02 18:22:38 | 000,165,337 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
    [2011/11/02 18:22:38 | 000,139,851 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
    [2011/11/02 18:22:38 | 000,136,343 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
    [2011/11/02 18:22:38 | 000,133,688 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
    [2011/11/02 18:22:38 | 000,125,500 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
    [2011/11/02 18:22:38 | 000,123,172 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
    [2011/11/02 18:22:38 | 000,122,869 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
    [2011/11/02 18:22:38 | 000,122,651 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
    [2011/11/02 18:22:38 | 000,121,115 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
    [2011/11/02 18:22:38 | 000,120,742 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
    [2011/11/02 18:22:38 | 000,120,308 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
    [2011/11/02 18:22:38 | 000,119,558 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
    [2011/11/02 18:22:38 | 000,119,528 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
    [2011/11/02 18:22:38 | 000,119,302 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
    [2011/11/02 18:22:38 | 000,119,009 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
    [2011/11/02 18:22:38 | 000,118,687 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
    [2011/11/02 18:22:38 | 000,118,639 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
    [2011/11/02 18:22:38 | 000,118,351 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
    [2011/11/02 18:22:38 | 000,118,000 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
    [2011/11/02 18:22:38 | 000,114,794 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
    [2011/11/02 18:22:38 | 000,114,314 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
    [2011/11/02 18:22:38 | 000,114,203 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
    [2011/11/02 18:22:38 | 000,103,986 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
    [2011/11/02 18:22:38 | 000,102,825 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
    [2011/11/02 18:22:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
    [2011/11/02 14:25:32 | 000,007,603 | ---- | C] () -- C:\Users\DSJWV\AppData\Local\resmon.resmoncfg
    [2011/11/02 09:12:14 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI
    [2011/11/02 08:40:06 | 000,002,040 | RHS- | C] () -- C:\Users\DSJWV\ntuser.pol
    [2011/11/01 22:41:14 | 000,009,449 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/11/01 22:33:04 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
    [2011/11/01 22:33:04 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011/11/01 22:33:04 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011/11/01 22:33:04 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011/11/01 22:33:04 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
    [2011/11/01 22:33:04 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
    [2011/11/01 22:33:04 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
    [2011/11/01 22:33:04 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2011/11/01 22:33:04 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
    [2011/11/01 22:33:03 | 000,110,156 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
    [2011/11/01 22:33:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2011/11/01 22:32:57 | 000,012,952 | ---- | C] () -- C:\Windows\System32\drivers\tcm.sys
    [2011/11/01 22:32:57 | 000,003,313 | ---- | C] () -- C:\Windows\System32\e1y6232.din
    [2011/11/01 22:27:32 | 000,383,786 | RHS- | C] () -- C:\bootmgr
    [2011/11/01 20:51:31 | 000,025,608 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2011/11/01 20:45:14 | 000,000,290 | ---- | C] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/11/01 20:45:14 | 000,000,272 | ---- | C] () -- C:\Users\DSJWV\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/11/01 20:01:24 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin
    [2011/11/01 20:01:24 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin
    [2011/11/01 20:00:05 | 000,015,200 | ---- | C] () -- C:\Windows\System32\results.xml
    [2011/11/01 19:47:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    [2011/11/01 19:42:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
    [2011/11/01 19:38:00 | 1572,798,464 | -HS- | C] () -- C:\hiberfil.sys
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,413,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,718,014 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,136,230 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 17:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2007/05/24 10:14:02 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
    [2007/05/24 10:13:48 | 000,106,584 | ---- | C] () -- C:\Windows\System32\fwnetcfg.dll
    [2002/10/03 13:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini
    [2001/09/19 15:16:22 | 000,051,712 | ---- | C] () -- C:\Windows\System32\JinPanel.dll

    ========== LOP Check ==========

    [2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
    [2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InfraRecorder
    [2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ICAClient
    [2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\InfraRecorder
    [2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ICAClient
    [2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\InfraRecorder
    [2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\ICAClient
    [2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\InfraRecorder
    [2010/11/02 14:28:43 | 000,000,000 | ---D | M] -- C:\Users\DSJWV\AppData\Roaming\ICAClient
    [2010/11/02 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\DSJWV\AppData\Roaming\InfraRecorder
    [2011/11/11 15:44:37 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/02/08 17:58:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2010/11/20 03:40:08 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/11/11 18:59:59 | 000,021,528 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/11/11 17:51:38 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/10 11:41:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/11/10 11:41:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/02/18 18:05:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/11 17:51:46 | 2097,065,984 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/01 19:48:25 | 000,000,187 | ---- | M] () -- C:\setup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/09/20 15:43:48 | 000,081,224 | ---- | M] (Microsoft Corporation.) -- C:\Windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2010/11/20 03:21:38 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/01 22:58:11 | 000,000,221 | -HS- | M] () -- C:\Users\DSJWV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/11 15:07:56 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\DSJWV\Desktop\aswMBR.exe
    [2011/11/11 08:34:00 | 072,025,120 | ---- | M] (Dell Inc.) -- C:\Users\DSJWV\Desktop\CMSetup.exe
    [2011/11/11 15:31:22 | 004,290,913 | R--- | M] (Swearware) -- C:\Users\DSJWV\Desktop\ComboFix.exe
    [2011/11/11 19:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DSJWV\Desktop\OTL.exe
    [2004/01/30 13:24:42 | 000,471,040 | ---- | M] (IRI) -- C:\Users\DSJWV\Desktop\StandardQuery.exe
    [2011/11/11 18:24:08 | 000,139,264 | ---- | M] () -- C:\Users\DSJWV\Desktop\SystemLook.exe
    [2011/11/09 11:33:07 | 000,548,376 | ---- | M] (Microsoft Corporation) -- C:\Users\DSJWV\Desktop\VS90sp1-KB945140-ENU.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/11/11 13:19:40 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/11/11 13:19:40 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/11/11 11:49:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/11/11 11:49:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/11/11 13:19:40 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/03 01:06:26 | 000,000,402 | -HS- | M] () -- C:\Users\DSJWV\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/02 09:25:57 | 000,009,449 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >

    Extras.Txt:

    OTL Extras logfile created on: 11/11/2011 7:29:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DSJWV\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.95 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 53.25% Memory free
    3.91 Gb Paging File | 2.92 Gb Available in Paging File | 74.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
    Drive E: | 490.73 Mb Total Space | 425.53 Mb Free Space | 86.71% Space Free | Partition Type: FAT

    Computer Name: CHIGYVG4L1L | User Name: DSJWV | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 SP1 Management Studio
    "{057f6911-35fd-4c8d-883f-11b8814480c9}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 SP1 Management Studio
    "{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
    "{20612488-5719-4593-B6EB-EFB51756532B}" = Attachmate Reflection Multi-Host, Standard 14.0.5826
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{37FC45D0-8F43-44D5-A298-F4BDE8EBA3F2}" = WinZip
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{48B08845-0CB0-45EC-893C-15319ADDA312}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{539DC5DE-9F3F-4AE4-8085-5E902D5DC75B}" = InfraRecorder 0.5
    "{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
    "{C7A6B436-2B89-497E-8DA0-E92B53ED52EE}" = JInitiator
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP1 Common Files
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3CF1394-F93A-449E-BE06-489E9278F5A6}" = VirusScan Enterprise Client
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4616B4B-700B-46D9-9F3B-46B986B49B36}" = X7Magic Setup
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP1 Common Files
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "757814832EF420BB8813DC68391D9A6DFF9E5FE9" = Windows Driver Package - Broadcom (BCM43XX) Net (01/21/2010 5.60.48.35)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "CCleaner" = CCleaner
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Macromedia Authorware Web Player" = Macromedia Authorware Web Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSet" = Intel(R) Network Connections Drivers
    "Quake III Arena" = Quake III Arena
    "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WinZip" = WinZip

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
    please check that the server name is typed correctly and in full. If you are using
    automatic configuration, the network administrator will need to double-check the
    DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

    Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
    please check that the server name is typed correctly and in full. If you are using
    automatic configuration, the network administrator will need to double-check the
    DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

    Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
    it could not be resolved.

    Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
    it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipinternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipinternal.Symphonyiri.com because
    it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipinternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipinternal.Symphonyiri.com because
    it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
    please check that the server name is typed correctly and in full. If you are using
    automatic configuration, the network administrator will need to double-check the
    DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
    please check that the server name is typed correctly and in full. If you are using
    automatic configuration, the network administrator will need to double-check the
    DNS A record configuration for sip.Symphonyiri.com because it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
    it could not be resolved.

    Error - 11/11/2011 8:32:19 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
    Description = Communicator was unable to resolve the DNS hostname of the login server
    sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
    Communicator, please check that the server name is typed correctly and in full.
    If you are using automatic configuration, the network administrator will need
    to double-check the DNS A record configuration for sipexternal.Symphonyiri.com because
    it could not be resolved.

    [ System Events ]
    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: -->f bit category 6

    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: -->ookup failed (19)

    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

    Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: -->f bit category 6

    Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

    Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: -->ookup failed (19)

    Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

    Error - 11/11/2011 8:31:06 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
    Description = FW1: -->f bit category 6


    < End of report >
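The "Last 10 Event Log Errors" section above is the most useful part of the OTL report for the actual symptom in this thread: Communicator is logging the same DNS-resolution failures, and the Check Point FW1 driver is logging messages that the Event Log split across two records with `-->` markers. The following is an added example (not OTL's own code and not from any post in this thread) that parses that section, rejoins the split FW1 messages, and tallies the hostnames that could not be resolved. The `SAMPLE` text is a cut-down copy of the log above, constructed for the example; the regexes assume the line layout OTL prints here.

```python
"""Parse the 'Last 10 Event Log Errors' section of an OTL report.

Added example for this thread (not OTL's own code and not from any post
here). It reconstructs each event record, rejoins long messages that the
Windows Event Log split across two records with '-->' markers (the FW1
entries), and tallies which hostnames Communicator could not resolve.
"""
import re
from collections import Counter

# One record header, e.g.
# Error - 11/11/2011 8:27:02 PM | Computer Name = HOST | Source = Communicator | ID = 15728643
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<time>.+?) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")
# "... unable to resolve the DNS hostname of the login server NAME. Resolution: ..."
UNRESOLVED_RE = re.compile(
    r"unable to resolve the DNS hostname of the login server\s+(\S+?)\.(?:\s|$)"
)


def parse_events(text):
    """Return one dict per record: level, time, host, source, id, section, desc."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current.update(section=section, desc="")
            events.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description = "):
            current["desc"] = line[len("Description = "):]
        else:
            current["desc"] += " " + line  # description wrapped onto the next line
    return events


def join_continuations(events):
    """Merge record pairs the Event Log split: '...value o-->' + 'FW1: -->f bit...'.

    A continuation is accepted only when the previous record ends with '-->',
    the next one (after its 'Source: ' prefix) starts with '-->', and both
    records carry the same computer name, source and event ID.
    """
    merged = []
    for ev in events:
        prefix = ev["source"] + ": "
        body = ev["desc"][len(prefix):] if ev["desc"].startswith(prefix) else ev["desc"]
        prev = merged[-1] if merged else None
        if (prev is not None and prev["desc"].endswith("-->") and body.startswith("-->")
                and all(prev[k] == ev[k] for k in ("host", "source", "id"))):
            prev["desc"] = prev["desc"][:-3] + body[3:]
        else:
            merged.append(dict(ev))
    return merged


def unresolved_hostnames(events):
    """Count hostnames that Communicator reported as unresolvable."""
    names = Counter()
    for ev in events:
        if ev["source"] != "Communicator":
            continue
        m = UNRESOLVED_RE.search(ev["desc"])
        if m:
            names[m.group(1)] += 1
    return names


def errors_by_source(events):
    """Count records per (section, source) to see which component is noisiest."""
    return Counter((ev["section"], ev["source"]) for ev in events)


# Constructed sample: a cut-down copy of the OTL section posted in this thread.
SAMPLE = """\
[ Application Events ]
Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.Symphonyiri.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full.

Error - 11/11/2011 8:27:02 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.Symphonyiri.com. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.

[ System Events ]
Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_get_bits: failed to get bit value o-->

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->f bit category 6

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 11/11/2011 8:31:03 PM | Computer Name = CHIGYVG4L1L.infores.com | Source = FW1 | ID = 1
Description = FW1: -->ookup failed (19)
"""


def summarize(text=SAMPLE):
    """Parse, rejoin and tally; returns the events plus both counters."""
    events = join_continuations(parse_events(text))
    return {"events": events,
            "by_source": errors_by_source(events),
            "unresolved": unresolved_hostnames(events)}


if __name__ == "__main__":
    s = summarize()
    for ev in s["events"]:
        print(f'{ev["section"]:<20} {ev["source"]:<13} {ev["desc"][:70]}')
    print("unresolved:", dict(s["unresolved"]))
```

Run it on the full section and the two FW1 fragments collapse into the single messages the driver actually logged, which makes it obvious that every FW1 record is the same lookup failure repeated rather than ten distinct errors, and the unresolved-hostname counter gives the helper a short list of names to test with nslookup against the DNS server the adapter is actually using.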
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I don't see any AV program running.

    Please install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
    Update, run full scan, report on any findings.

    ====================================================================

    Are you familiar with infores.com?

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (myAgtSvc)
      DRV - [2009/08/06 08:50:06 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/11/10 12:25:22 | 000,000,000 | ---D | M]
      O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
      O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: citi.com ([creditcards] https in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgndev2] https in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([cpgnprod] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([iriteams] https in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesim] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: infores.com ([pricesimp] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([mailbox] http in Trusted sites)
      O15 - HKU\S-1-5-21-1487472903-838666396-1598175747-12172\..Trusted Domains: verizon.net ([webmail] http in Trusted sites)
      [2011/11/01 22:58:49 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
      [2011/11/01 22:58:49 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
      [2011/11/01 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
      [2011/11/01 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\DSJWV\AppData\Roaming\McAfee
      [2011/11/01 20:35:41 | 000,055,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
      [2011/11/01 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
      [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. jimvski

    jimvski TS Rookie Topic Starter

    Avast results...

    OK, Avast found some threats.

    C:\Qoobox\Quarantine\C\Windows\$NtuninstallKB15667$\1813779170.vir (Incorrect function)
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\blbdrive.sys.vir - Win32:Alureon - AJI [Rtk]
    C:\Users\DSJWV\Documents\Music\Ciccone Youth\The Whitey Album\02-(Silence).mp3 - WMA:Wimad [Drp]

    Should I do anything (Move to Chest, delete, etc.) or just do the rest of the steps you sent?

    Thanks,
    Jim
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The first two are already quarantined by Combofix, and the third one...... P2P user?
    Delete all three.

    Go on....
     
  19. jimvski

    jimvski TS Rookie Topic Starter

    Think it's looking pretty good.

    Alright. First, to answer your questions. infores.com is my employer's corporate domain, so that should be OK. As far as P2P, I rarely use it, and when I do I scan all files that come down. I suspect that file was in a group of MP3s that a friend gave me when we did a swap of some music.

    Avast still found one file saying it couldn't be scanned.

    C:\Qoobox\Quarantine\C\Windows\$NtuninstallKB15667$\1813779170.vir (Incorrect function)

    I suspect it's because it's a locked file. Is it OK to delete ALL .vir files (I see several) in that Qoobox dir? I think I can use Malwarebytes to delete them with the locked file utility.

    I got a BSOD a couple of times on reboots, but it seems OK now. The Java update scheduler keeps shutting down too, but I'll reinstall it if all viruses are gone.

    ESET found nothing so no logs but my other logs are posted below:

    OTL:
    All processes killed
    ========== OTL ==========
    Service myAgtSvc stopped successfully!
    Service myAgtSvc deleted successfully!
    Service mfetdik stopped successfully!
    Service mfetdik deleted successfully!
    C:\Windows\System32\drivers\mfetdik.sys moved successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ not found.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\citi.com\creditcards\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgndev2\ not found.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\cpgnprod\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\iriteams\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesim\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\infores.com\pricesimp\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\mailbox\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1487472903-838666396-1598175747-12172\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizon.net\webmail\ deleted successfully.
    C:\Windows\System32\MfeOtlkAddin.dll moved successfully.
    C:\Windows\System32\MFEOtlk.dll moved successfully.
    C:\Program Files\Common Files\McAfee\SystemCore folder moved successfully.
    C:\Program Files\Common Files\McAfee folder moved successfully.
    C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB\Support DLL\DebugTraceFiles folder moved successfully.
    C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB\Support DLL folder moved successfully.
    C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework\DB folder moved successfully.
    C:\Users\DSJWV\AppData\Roaming\McAfee\Common Framework folder moved successfully.
    C:\Users\DSJWV\AppData\Roaming\McAfee folder moved successfully.
    File C:\Windows\System32\drivers\mfetdik.sys not found.
    C:\Windows\System32\bcm72CC.tmp deleted successfully.
    C:\Windows\System32\bcm736A.tmp deleted successfully.
    C:\Windows\System32\bcm7850.tmp deleted successfully.
    C:\Windows\System32\bcm791D.tmp deleted successfully.
    C:\Windows\System32\bcm79BB.tmp deleted successfully.
    C:\Windows\System32\bcm7BA0.tmp deleted successfully.
    C:\Windows\System32\bcm7F9C.tmp deleted successfully.
    C:\Windows\System32\bcmCB2E.tmp deleted successfully.
    C:\Windows\bcm6289.tmp deleted successfully.
    C:\Windows\CIO857E.tmp deleted successfully.
    C:\Windows\System32\drivers\bcm7DB5.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33237 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes

    User: DSJWV
    ->Temp folder emptied: 50089614 bytes
    ->Temporary Internet Files folder emptied: 3823132 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 1313 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1514352 bytes
    RecycleBin emptied: 910112 bytes

    Total Files Cleaned = 54.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: DSJWV
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser

    User: Public

    User: User

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11122011_005102

    Files\Folders moved on Reboot...
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYBZBAQ5\net[1].htm moved successfully.
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYBZBAQ5\partner[1].htm moved successfully.
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARC8K1AV\partner[1].htm moved successfully.
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARC8K1AV\topic173282[1].html moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    VirusScan Enterprise Client
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 29
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
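When a fix script like the one in post 16 comes back, the thing worth checking is whether every item it named was actually actioned, and what is still pending a reboot (here `Webshlock.txt`, which OTL could not move while Avast held it open). The following is an added example (not OTL's own tooling and not from any post in this thread) that classifies each result line of the OTL log above into success / not found / failed and reports expected targets that produced no result line at all. `SAMPLE_LOG` is a constructed, cut-down copy of the log posted above; `blbdrive.sys` is included in the expected list only to show how a target with no result is reported.

```python
"""Reconcile an OTL fix log against what the fix script asked for.

Added example for this thread (not OTL's own tooling and not from any
post here). Every result line is classified as success, not_found or
failed, and targets that never appear in the log are listed so a helper
can see at a glance what still needs attention after the reboot.
"""
import re
from collections import Counter

# Outcome phrases OTL prints. The 'failed' pattern is tested first so that
# 'File move failed. ... scheduled to be moved on reboot.' is never counted
# as a success because of the word 'moved'.
FAILED_RE = re.compile(
    r"^(?P<what>.+?) failed\.\s+(?P<path>.+?) scheduled to be (?P<action>\w+) on reboot\.$")
SUCCESS_RE = re.compile(
    r"^(?:(?P<kind>Service|Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?) (?P<action>stopped|deleted|moved) successfully[.!]$")
NOTFOUND_RE = re.compile(
    r"^(?:(?P<kind>Service|Registry key|Registry value|File)\s+)?(?P<target>.+?) not found\.$")


def classify_line(line):
    """Map one OTL result line to an outcome dict, or None for non-result lines."""
    line = line.strip()
    m = FAILED_RE.match(line)
    if m:
        return {"status": "failed", "kind": m.group("what"), "target": m.group("path"),
                "action": m.group("action"), "pending_reboot": True, "raw": line}
    m = SUCCESS_RE.match(line)
    if m:
        kind, target = m.group("kind"), m.group("target")
        if kind is None and target.endswith(" folder"):   # 'C:\... folder moved successfully.'
            kind, target = "Folder", target[:-len(" folder")]
        return {"status": "success", "kind": kind or "File", "target": target,
                "action": m.group("action"), "pending_reboot": False, "raw": line}
    m = NOTFOUND_RE.match(line)
    if m:
        return {"status": "not_found", "kind": m.group("kind") or "File",
                "target": m.group("target"), "action": None, "pending_reboot": False, "raw": line}
    return None  # banners, [EMPTYTEMP] byte counts, 'User:' lines, etc.


def parse_fix_log(text):
    """Return the classified result lines of an OTL fix log, in order."""
    return [e for e in (classify_line(l) for l in text.splitlines()) if e]


def reconcile(entries, expected_targets=()):
    """Summarise outcomes and list expected targets that got no result line.

    A target counts as seen if its name appears (case-insensitively) in any
    result line; OTL logs the same registry key once per O15 line, so a
    'deleted' followed by 'not found' for the same key is normal.
    """
    counts = Counter(e["status"] for e in entries)
    failed = [e["target"] for e in entries if e["status"] == "failed"]
    pending = [e["target"] for e in entries if e["pending_reboot"]]
    seen = "\n".join(e["raw"].lower() for e in entries)
    missing = [t for t in expected_targets if t.lower() not in seen]
    return {"counts": counts, "failed": failed, "pending_reboot": pending, "missing": missing}


# Constructed sample: a cut-down copy of the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service myAgtSvc stopped successfully!
Service myAgtSvc deleted successfully!
Service mfetdik stopped successfully!
Service mfetdik deleted successfully!
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
C:\Windows\System32\MfeOtlkAddin.dll moved successfully.
C:\Program Files\Common Files\McAfee folder moved successfully.
File C:\Windows\System32\drivers\mfetdik.sys not found.
C:\Windows\System32\bcm72CC.tmp deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: DSJWV
->Temp folder emptied: 50089614 bytes
Total Files Cleaned = 54.00 mb
Files\Folders moved on Reboot...
C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYBZBAQ5\net[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

if __name__ == "__main__":
    # 'blbdrive.sys' is a constructed entry with no result line, to show the 'missing' report.
    report = reconcile(parse_fix_log(SAMPLE_LOG),
                       ["mfetdik.sys", "myAgtSvc", "MfeOtlkAddin.dll", "blbdrive.sys"])
    print(dict(report["counts"]))
    print("failed:", report["failed"])
    print("pending reboot:", report["pending_reboot"])
    print("no result line for:", report["missing"])
```

The "not found" outcomes are kept separate from failures on purpose: in this log they are all the second half of a pair (the http and https O15 lines point at one registry key, and mfetdik.sys had already been moved by the service removal two lines earlier), so they are confirmation rather than a problem, whereas the one genuine failure is the file still locked by the running antivirus.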
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The above has been quarantined by Combofix and it'll be removed in our last steps.

    Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

    ==================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
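    The checklist above is verified by hand in the thread. As an added example (not code from the thread, from OTL, or from screen317's Security Check), the PowerShell script below re-checks the posture items the thread mentions once the cleanup is done: the two findings from the Security Check log (UAC disabled, Windows Firewall disabled), the jusched.exe startup entry Broni asks to disable, whether Windows Updates are still pending, and whether DNS name resolution works again (the original symptom was "IP works, names do not"). It assumes Windows 7 with PowerShell 2.0 or later, run from an elevated prompt; it reads the firewall state from the registry because the Get-NetFirewallProfile cmdlet does not exist on Windows 7, and the test host name is an assumption you can replace with any known-good public name.

```powershell
# Added post-cleanup verification script (assumption: Windows 7, PowerShell 2.0+, elevated prompt).
# Reports findings only; it changes nothing on the system.

$findings = @()

# 1. UAC: EnableLUA = 0 means UAC is off (Security Check reported "UAC is disabled!").
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
if ($lua -ne 1) { $findings += 'UAC is disabled (EnableLUA is not 1)' }

# 2. Windows Firewall per profile, read from the firewall policy registry keys.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $enabled = (Get-ItemProperty "$fwBase\$profile" -ErrorAction SilentlyContinue).EnableFirewall
    if ($enabled -ne 1) { $findings += "Windows Firewall is off for $profile" }
}

# 3. Startup entries: look for jusched.exe in the machine and user Run keys.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -match 'jusched\.exe') {
                $findings += "jusched.exe still starts from $key (value '$($p.Name)')"
            }
        }
    }
}

# 4. Windows Update: count updates not yet installed, via the Windows Update Agent COM API.
try {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
    if ($pending -gt 0) { $findings += "$pending Windows Update(s) pending" }
} catch {
    $findings += "Could not query Windows Update: $($_.Exception.Message)"
}

# 5. Name resolution: resolve a public host name through the system resolver.
$testHost = 'www.techspot.com'   # assumed test name; any known-good public host works
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($testHost)
    if (-not $addrs) { $findings += "DNS returned no addresses for $testHost" }
} catch {
    $findings += "DNS lookup for $testHost failed: $($_.Exception.Message)"
}

if ($findings.Count -eq 0) {
    'All post-cleanup checks passed.'
} else {
    'Post-cleanup findings:'
    $findings | ForEach-Object { " - $_" }
}
```

    A clean run prints "All post-cleanup checks passed."; anything else is a line per item still needing attention. The firewall check treats a missing EnableFirewall value as "off", which is the safer reading when a profile key is absent.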
     
  21. jimvski

    jimvski TS Rookie Topic Starter

    Thank you.

    Broni,
    Thanks again for all of your help. My last log is posted below. I was only online for a couple hours after I got the virus but I'll probably change my passwords anyway just to be safe. I'm pretty careful so I very rarely get viruses and can usually get rid of them but I don't think I could have done this one without your help. I'll send a donation shortly.
    One last question... My company pushes out McAfee (which I think is useless), but which do you think is better, Malwarebytes or Avast? I trusted Malwarebytes but I was surprised when it said I was clean at one point when I wasn't. Maybe use both to be safe?

    LOG:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: DSJWV
    ->Temp folder emptied: 27712 bytes
    ->Temporary Internet Files folder emptied: 3792050 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 679 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3028704 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: DSJWV
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser

    User: Public

    User: User

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 11122011_164201

    Files\Folders moved on Reboot...
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0LBALPF\partner[1].htm moved successfully.
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0LBALPF\partner[2].htm moved successfully.
    C:\Users\DSJWV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0LBALPF\topic173282[1].html moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    McAfee and Avast are antivirus programs (I prefer Avast - using it myself).
    MBAM is NOT an AV program. It's an antispyware program and it can be run alongside any AV program without any conflict.

    Good luck and stay safe!
     
