
Hijack.ControlPanelStyle Infection



I've tried removing the virus with Malwarebytes and any registry keys with RogueKiller. However, after I remove infections and reboot, Malwarebytes still finds the same three infections.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 8/24/2012 9:46:18 AM

System Uptime: 5/24/2013 10:24:49 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0P6K8J

Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU 1 | 2801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 79.596 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {09e9a11d-ccb2-45ae-9be8-65c263e60490}

Description: Dell ControlVault w/o Fingerprint Sensor

Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Manufacturer: Dell

Name: Dell ControlVault w/o Fingerprint Sensor

PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Service: cvusbdrv

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP59: 5/2/2013 1:06:30 PM - Scheduled Checkpoint

RP60: 5/10/2013 12:36:20 PM - Scheduled Checkpoint

RP61: 5/17/2013 12:48:14 PM - Scheduled Checkpoint

RP62: 5/23/2013 4:42:01 PM - Installed HiJackThis

RP63: 5/23/2013 4:58:50 PM - Installed BitDefender Free Edition v10

.

==== Installed Programs ======================

.

a-squared Free 4.5

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Apple Software Update

BitDefender Free Edition v10

Bluebeam Revu 10

BPC

Cisco WebEx Meeting Center for Internet Explorer

Citrix Presentation Server Client - Web Only

Configuration Manager Client

Dell Touchpad

DHTML Editing Component

ECL Viewer

Eusing Free Registry Cleaner

GoToMeeting 5.5.1132 IT Installer

HiJackThis

History Viewer v5.1

Java 6 Update 14

LEGATO EmailXtender Shortcut Addin 4.81

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.75.0.1300

Meridian Systems Prolog WebSite 2007 R2 Client

Meridian Systems Prolog Website 2007 R2 File Management Control

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft redistributable runtime DLLs VS2008 SP1(x86)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

MSXML 4.0 SP2 (KB973688)

MSXML4.0 redistributable

Online Plug-in

Oracle JInitiator 1.3.1.26

Planning and Consolidation Client version for SAP Netweaver

Prolog Submittal Registers

QuickTime

RWD Info Pak - Help Launchpad ActiveX

RxFilters3D

SAP

SAP Business Explorer

SAP GUI for Windows 7.20

SAP JNet

SAPLogon.ini 3_14_12

SAPSetup Automatic Workstation Update Service

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SpywareBlaster 5.0

SUPERAntiSpyware

Swiss Fonts

Symantec Endpoint Protection

TeamViewer 6 Host

Turner Application Updates Dec 2010

Turner DeepLinks

Turner Screen Saver 2009

Turner VPN Client June 2010

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

vcredist_x86

WinZip 12.1

.

==== Event Viewer Messages From Past Week ========

.

5/24/2013 9:18:05 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCALAP0142 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C26FC5FB-9720-44CF-A4AC-F632778. The master browser is stopping or an election is being forced.

5/24/2013 9:02:56 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/24/2013 9:02:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/24/2013 9:02:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/24/2013 9:02:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/24/2013 9:02:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/24/2013 9:02:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/24/2013 9:02:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf

5/24/2013 9:02:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/24/2013 9:02:04 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/24/2013 9:01:59 AM, Error: Microsoft-Windows-BitLocker-Driver [24636] - Bootmgr failed to obtain the BitLocker volume master key from the TPM.

5/24/2013 7:54:39 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCALAP0138 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C26FC5FB-9720-44CF-A4AC-F632778. The master browser is stopping or an election is being forced.

5/24/2013 10:39:10 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

5/24/2013 10:27:16 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

5/24/2013 10:26:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/24/2013 10:25:16 AM, Error: Service Control Manager [7000] - The BDRsDrv service failed to start due to the following error: The system cannot find the file specified.

5/24/2013 10:25:16 AM, Error: Service Control Manager [7000] - The BDFsDrv service failed to start due to the following error: The system cannot find the file specified.

5/24/2013 10:25:15 AM, Error: Service Control Manager [7000] - The bdfdll service failed to start due to the following error: This driver has been blocked from loading

5/24/2013 10:25:15 AM, Error: Application Popup [875] - Driver bdfdll.sys has been blocked from loading.

5/24/2013 10:25:03 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain TCCO due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

5/24/2013 10:24:03 AM, Error: Service Control Manager [7034] - The BitDefender Scan Server service terminated unexpectedly. It has done this 2 time(s).

5/24/2013 10:24:03 AM, Error: Service Control Manager [7001] - The BitDefender Virus Shield service depends on the BitDefender Scan Server service which failed to start because of the following error: The operation completed successfully.

5/24/2013 10:24:01 AM, Error: Service Control Manager [7034] - The BitDefender Scan Server service terminated unexpectedly. It has done this 1 time(s).

5/23/2013 8:06:18 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/23/2013 5:05:58 PM, Error: Service Control Manager [7030] - The XCWDZBEQY service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/23/2013 5:05:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HFIPSAW service to connect.

5/23/2013 5:05:25 PM, Error: Service Control Manager [7000] - The HFIPSAW service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/23/2013 5:04:55 PM, Error: Service Control Manager [7030] - The HFIPSAW service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/23/2013 4:59:14 PM, Error: Service Control Manager [7030] - The BitDefender Desktop Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/23/2013 4:29:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/23/2013 4:18:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/23/2013 4:18:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl MpFilter SPBBCDrv spldr SRTSP SRTSPX Wanarpv6

5/23/2013 3:59:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/23/2013 3:58:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

5/23/2013 3:58:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

5/23/2013 3:58:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/23/2013 3:58:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

5/23/2013 3:58:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

5/23/2013 3:58:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

5/23/2013 3:58:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/23/2013 3:53:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/23/2013 3:53:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/23/2013 3:52:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: TCCO\ihale Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out

5/23/2013 3:52:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: TCCO\ihale Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out

5/23/2013 3:31:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl SPBBCDrv spldr SRTSP SRTSPX Wanarpv6

5/23/2013 1:49:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCALAP0085 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C26FC5FB-9720-44CF-A4AC-F632778. The master browser is stopping or an election is being forced.

5/22/2013 9:25:16 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCALAP0160 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C26FC5FB-9720-44CF-A4AC-F632778. The master browser is stopping or an election is being forced.

5/22/2013 9:24:46 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

5/22/2013 9:24:46 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

5/22/2013 9:04:15 AM, Error: Schannel [36887] - The following fatal alert was received: 40.

5/22/2013 4:59:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCALAP0049 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C26FC5FB-9720-44CF-A4AC-F632778. The master browser is stopping or an election is being forced.

5/17/2013 12:01:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7601.17514

Run by TurnerAdmin at 11:37:34 on 2013-05-24

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3242.2010 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\WINDOWS\system32\wininit.exe

C:\WINDOWS\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Dwm.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskhost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\WINDOWS\system32\conhost.exe

C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Users\ihale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\mobsync.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\conhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1132\g2mstart.exe" "/Trigger RunAtLogon"

uRunOnce: [Report] \AdwCleaner[s3].txt

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [bbPrintMonitor] c:\program files\common files\bluebeam software\bluebeam revu\brewery\v45\printer support\BBPrint.exe

mRun: [bbInstallUser] c:\program files\bluebeam software\bluebeam revu\pushbutton pdf\Bluebeam Admin User.exe

mRun: [GoToMeetingInstall1132] "c:\program files\citrix\gotomeeting\1132\G2MInstaller.exe" "/Action InstallAtLogon" "/DeploymentId 1132:5176b272"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [bDMCon] "c:\program files\softwin\bitdefender10\bdmcon.exe" /reg

mRun: [bDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"

mRunOnce: [historyviewer] <no file>

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: ForceStartMenuLogOff = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:4

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:1

mPolicies-System: EnableVirtualization = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: FilterAdministratorToken = dword:1

mPolicies-System: RunLogonScriptSync = dword:0

mPolicies-Windows\System: CleanupProfiles = dword:60

mPolicies-Windows\System: UserPolicyMode = dword:2

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: NameServer = 172.18.90.13 172.18.2.74 172.18.2.75

TCP: Interfaces\{B105ED49-0D38-47DE-8837-24A4289EE9A7} : DHCPNameServer = 172.18.90.13 172.18.2.74 172.18.2.75

TCP: Interfaces\{C26FC5FB-9720-44CF-A4AC-F632778123E3} : DHCPNameServer = 172.18.90.13 172.18.2.74 172.18.2.75

TCP: Interfaces\{C26FC5FB-9720-44CF-A4AC-F632778123E3}\455727E65627B416963756274557374796E602D20275966696 : DHCPNameServer = 172.18.2.74 172.18.2.75 172.19.8.20

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\citrix\icacli~1\RSHook.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-8-24 17648]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2013-5-23 1872320]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2012-8-24 263536]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2012-8-24 2477304]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2345848]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-8-24 43888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-24 106656]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-8-24 7513088]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-8-24 60904]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-8-24 63848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2011-4-11 7680]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2012-8-24 33832]

S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [2012-8-24 87592]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\drivers\wwanuss.sys [2012-8-24 23592]

S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\drivers\wwanussf.sys [2012-8-24 26152]

S3 HFIPSAW;HFIPSAW;c:\users\turner~1.sca\appdata\local\temp\HFIPSAW.exe [2013-5-23 527232]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-8-24 132480]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-23 40776]

S3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys [2012-8-24 361032]

S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys [2012-8-24 396872]

S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-8-24 41088]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2012-8-24 62208]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2012-8-24 141568]

S3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [2012-8-24 27264]

S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2012-8-24 176384]

S3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2012-8-24 176384]

S3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;c:\windows\system32\drivers\nwdelserial.sys [2012-8-24 191488]

S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-8-24 62440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]

S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-8-24 12952]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile="" "%1"

FileExt: .reg: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-05-24 00:23:22 81984 ----a-w- c:\windows\system32\bdod.bin

2013-05-24 00:10:55 -------- d-----w- c:\users\turneradmin.scalap0099\appdata\roaming\Bitdefender

2013-05-24 00:01:57 -------- d-----w- c:\programdata\Licenses

2013-05-24 00:01:53 -------- d-----w- c:\program files\SpywareBlaster

2013-05-24 00:00:59 -------- d-----w- c:\program files\a-squared Free

2013-05-23 23:58:58 -------- d-----w- c:\programdata\BitDefender

2013-05-23 23:58:58 -------- d-----w- c:\program files\Softwin

2013-05-23 23:58:37 -------- d-----w- c:\program files\common files\Softwin

2013-05-23 23:42:54 -------- d-----w- c:\program files\Trend Micro

2013-05-23 23:39:27 -------- d-----w- c:\users\turneradmin.scalap0099\appdata\roaming\SUPERAntiSpyware.com

2013-05-23 23:27:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-05-23 23:27:18 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-05-23 23:11:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2013-05-23 23:00:50 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d239293d-dbfb-4ad2-becc-c904d2b7944c}\mpengine.dll

2013-05-23 22:52:59 724464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e414de5e-d37b-4c6f-8f43-8cf4dff541d9}\gapaengine.dll

2013-05-23 22:47:42 -------- d-----w- c:\program files\Microsoft Security Client

2013-05-23 18:34:36 632656 ----a-w- c:\windows\system32\msvcr80.dll

2013-05-23 18:34:36 554832 ----a-w- c:\windows\system32\msvcp80.dll

2013-05-23 18:34:36 479232 ----a-w- c:\windows\system32\msvcm80.dll

2013-05-23 18:33:53 -------- d-----w- c:\program files\History Viewer

2013-05-23 17:12:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-05-23 17:12:42 -------- d-----w- c:\users\turneradmin.scalap0099\appdata\roaming\Malwarebytes

2013-05-23 17:12:33 -------- d-----w- c:\programdata\Malwarebytes

2013-05-23 17:12:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-23 17:12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-23 17:12:22 -------- d-----w- c:\users\turneradmin.scalap0099\appdata\local\Programs

2013-04-25 18:19:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-25 18:19:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2013-05-21 12:28:02 773968 ----a-w- c:\windows\system32\msvcr100.dll

2013-05-21 12:28:02 421200 ----a-w- c:\windows\system32\msvcp100.dll

.

============= FINISH: 11:37:45.99 ===============

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.23.11

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

ihale :: SCALAP0099 [limited]

5/23/2013 11:15:47 AM

MBAM-log-2013-05-23 (11-25-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 175908

Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: wuaucpl.cpl -> No action taken.

Registry Data Items Detected: 1

HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hello wmontes and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
