
Anti-virus 2010



Hi everyone,

I became infected with Anti-virus 2010. My friend tried to fix it with Malwarebytes and ComboFix, but he thinks I'm still infected, and I still get redirects from Google searches. Part of the ComboFix log says:

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

It would sometimes blue screen while running ComboFix. I tried to follow the steps for posting the other logs, but the computer would blue screen running DDS, and GMER would crash.

Here is the latest malwarebytes scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5045

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/4/2010 3:54:15 PM

mbam-log-2010-11-04 (15-54-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 324819

Time elapsed: 24 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\Documents and Settings\ddwyer\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe.vir_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\ddwyer\Application Data\AntiVirus 2010\securitycenter.exe.vir_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\ddwyer\Application Data\AntiVirus 2010\securityhelper.exe.vir_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\ddwyer\Application Data\AntiVirus 2010\taskmgr.dll.vir_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP1\A0000357.exe_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP1\A0000358.exe_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP1\A0000359.exe_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP1\A0000360.dll_INFECTED.arl (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Hello Crumbum95

Welcome to Malwarebytes.

First and foremost, ComboFix should not be used unless specifically asked to do so.

Problems can arise and you would be left with a boat anchor, so do not run ComboFix unless instructed.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Sorry this took so long, I didn't have the computer over the weekend:

OTL logfile created on: 11/5/2010 4:50:41 PM - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ddwyer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.70 Gb Total Space | 78.38 Gb Free Space | 68.93% Space Free | Partition Type: NTFS

Computer Name: T400S | User Name: ddwyer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ddwyer\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe (Bradford Networks)

PRC - C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)

PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)

PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ddwyer\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (BNPagent) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe (Bradford Networks)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (Lenovo.micmute) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)

SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)

SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)

SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101104.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101104.002\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (5U877) -- C:\WINDOWS\system32\drivers\5U877.sys (Ricoh co.,Ltd.)

DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)

DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)

DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)

DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)

DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)

DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)

DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)

DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)

DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)

DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)

DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)

DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)

DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)

DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)

DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)

DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r-net.rollins.edu/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://r-net.rollins.edu/"

FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0

FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 08:09:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/19 17:15:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 18:17:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 18:17:10 | 000,000,000 | ---D | M]

[2009/12/09 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Extensions

[2009/12/09 18:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/09/23 19:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\extensions

[2009/12/09 18:46:14 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}

[2010/09/23 19:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/10 09:04:54 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

[2010/10/04 18:17:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/14 23:42:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/02/23 10:49:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/10/04 18:17:05 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/04 18:17:05 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 20:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2008/09/10 04:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/10/04 18:17:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/12/03 17:12:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/04 18:17:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/04 18:17:08 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/04 18:17:08 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/04 18:17:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/04 18:17:08 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/04 18:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/04 18:17:08 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/04 15:16:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.1.10 10.20.1.20

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\ddwyer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ddwyer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 16:49:37 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ddwyer\Desktop\OTL.exe

[2010/11/04 13:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bradford Networks

[2010/11/04 13:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bradford Networks

[2010/11/04 10:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\Application Data\Malwarebytes

[2010/11/04 10:31:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/04 10:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/04 10:31:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/04 10:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/04 10:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/04 09:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/11/04 09:41:38 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/04 09:41:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/04 09:41:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/04 09:41:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/04 09:41:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/04 09:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/04 09:39:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/02 09:41:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/24 13:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2010/10/24 13:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\My Documents\Sports Interactive

[2010/10/24 13:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\Application Data\Sports Interactive

[2010/10/24 13:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive

[2010/10/24 13:01:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2010/10/24 13:01:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll

[2010/10/24 13:01:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2010/10/24 13:01:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2010/10/24 13:01:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2010/10/24 13:01:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2010/10/24 13:01:18 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2010/10/24 13:01:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2010/10/24 13:01:17 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll

[2010/10/24 13:01:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2010/10/24 13:01:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2010/10/24 13:01:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll

[2010/10/24 13:01:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2010/10/24 13:01:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2010/10/24 13:01:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2010/10/24 13:01:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2010/10/24 13:01:16 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2010/10/24 13:01:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2010/10/24 13:01:16 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2010/10/24 13:01:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2010/10/24 13:01:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2010/10/24 13:01:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2010/10/24 13:01:16 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2010/10/24 13:01:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2010/10/24 13:01:15 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2010/10/24 13:01:15 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2010/10/24 13:01:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2010/10/24 13:01:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2010/10/24 13:01:15 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2010/10/24 13:01:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010/10/24 13:01:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2010/10/24 13:01:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2010/10/24 13:01:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2010/10/24 13:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010/10/24 11:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[2010/10/13 18:39:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 18:39:12 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/13 18:39:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 18:39:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010/10/06 21:11:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

[2010/10/06 21:11:42 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 16:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/05 16:49:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ddwyer\Desktop\OTL.exe

[2010/11/05 16:49:11 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe

[2010/11/05 16:49:09 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll

[2010/11/05 16:48:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/05 16:48:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/05 10:55:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/11/05 08:37:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/05 08:34:51 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\ddwyer\ntuser.pol

[2010/11/05 08:26:52 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\dds.scr

[2010/11/05 08:25:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ddwyer\defogger_reenable

[2010/11/04 16:32:58 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\etudbnek.exe

[2010/11/04 15:16:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/04 15:11:34 | 003,902,849 | R--- | M] () -- C:\Documents and Settings\ddwyer\Desktop\ComboFix.exe

[2010/11/04 15:01:29 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll

[2010/11/04 10:31:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/04 09:56:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/11/02 09:41:36 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\ddwyer\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk

[2010/11/02 09:14:18 | 003,243,760 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Schneider.pdf

[2010/11/01 19:26:35 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2010/10/31 22:13:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/10/30 11:55:02 | 000,019,407 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Power rankings.docx

[2010/10/30 10:58:07 | 000,080,057 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Cisco_Project.xlsx

[2010/10/30 10:51:53 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\ddwyer\Desktop\~$Cisco_Project.xlsx

[2010/10/29 11:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2010/10/28 10:07:13 | 000,011,286 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Markean.xlsx

[2010/10/27 17:30:16 | 000,017,040 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Ben and Jerry's.docx

[2010/10/24 11:59:46 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/10/24 11:46:05 | 000,000,215 | -H-- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Football Manager 2010.url

[2010/10/24 11:45:02 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2010/10/20 18:38:41 | 000,158,138 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\DRE.xlsx

[2010/10/20 13:07:56 | 000,040,960 | R--- | M] () -- C:\Documents and Settings\ddwyer\Desktop\MidTermExam.xlsx

[2010/10/17 19:49:11 | 000,068,953 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Audit.docx

[2010/10/14 23:58:08 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/14 21:10:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/12 18:39:09 | 000,022,195 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\DwyerPMBA43.docx

[2010/10/09 15:09:01 | 000,513,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/09 15:09:01 | 000,097,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/09 11:11:37 | 000,013,666 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\MCDSQ4.docx

[2010/10/09 09:33:54 | 001,530,333 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\MCDonalds.pdf

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 08:26:52 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\dds.scr

[2010/11/05 08:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ddwyer\defogger_reenable

[2010/11/04 16:32:55 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\etudbnek.exe

[2010/11/04 10:31:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/04 09:41:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/11/04 09:41:39 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/11/04 09:41:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/04 09:41:10 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/04 09:41:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/04 09:41:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/04 09:41:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/04 09:36:33 | 003,902,849 | R--- | C] () -- C:\Documents and Settings\ddwyer\Desktop\ComboFix.exe

[2010/11/02 09:41:36 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\ddwyer\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk

[2010/11/02 09:14:18 | 003,243,760 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Schneider.pdf

[2010/10/30 10:51:53 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\ddwyer\Desktop\~$Cisco_Project.xlsx

[2010/10/29 09:53:39 | 000,019,407 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Power rankings.docx

[2010/10/28 10:07:13 | 000,011,286 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Markean.xlsx

[2010/10/27 17:30:15 | 000,017,040 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Ben and Jerry's.docx

[2010/10/25 11:57:56 | 000,080,057 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Cisco_Project.xlsx

[2010/10/24 11:46:05 | 000,000,215 | -H-- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Football Manager 2010.url

[2010/10/24 11:42:28 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2010/10/20 18:38:41 | 000,158,138 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\DRE.xlsx

[2010/10/20 13:07:55 | 000,040,960 | R--- | C] () -- C:\Documents and Settings\ddwyer\Desktop\MidTermExam.xlsx

[2010/10/17 19:49:11 | 000,068,953 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Audit.docx

[2010/10/12 18:39:09 | 000,022,195 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\DwyerPMBA43.docx

[2010/10/09 11:11:37 | 000,013,666 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\MCDSQ4.docx

[2010/10/09 09:33:54 | 001,530,333 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\MCDonalds.pdf

[2010/01/12 11:33:02 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log

[2010/01/12 11:14:17 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll

[2009/12/04 10:45:32 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll

[2009/12/04 10:45:31 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll

[2009/12/04 10:45:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll

[2009/12/04 10:45:12 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini

[2009/12/04 10:45:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll

[2009/12/04 10:45:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

[2009/12/04 10:45:03 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll

[2009/08/14 12:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/29 09:44:59 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2009/06/29 09:44:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll

[2009/06/29 09:44:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll

[2009/06/23 20:03:44 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll

[2009/06/23 19:58:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

[2009/06/23 13:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2009/06/19 17:29:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/06/19 17:18:36 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2009/06/19 17:18:04 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009/06/19 17:15:29 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/06/19 17:15:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/06/19 17:13:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/06/19 17:13:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/06/19 17:13:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/06/19 17:13:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/06/19 17:13:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/06/19 17:13:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/06/19 17:07:33 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2008/07/22 11:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/07/21 10:55:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/03/16 17:09:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll

[2004/03/16 17:08:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll

[2002/05/03 10:10:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2002/04/17 17:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL

[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll

[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1999/08/07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

========== LOP Check ==========

[2009/06/19 17:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T

[2010/11/04 13:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bradford Networks

[2009/12/04 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2009/06/19 17:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/12/03 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2010/10/24 13:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2009/06/19 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/12/03 17:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/10 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/12/09 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Avaya

[2010/08/28 09:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Cisco

[2009/12/09 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Downloaded Installations

[2009/12/09 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\InterVideo

[2009/12/09 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Lenovo

[2010/10/24 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Sports Interactive

[2010/09/09 09:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Windows Desktop Search

[2010/09/15 18:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Windows Search

[2010/11/05 10:55:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2009/12/03 18:28:58 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2010/02/16 09:49:53 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2010/10/29 11:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/5/2010 4:50:41 PM - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ddwyer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.70 Gb Total Space | 78.38 Gb Free Space | 68.93% Space Free | Partition Type: NTFS

Computer Name: T400S | User Name: ddwyer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe" = C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe:*:Enabled:Cisco Unified Personal Communicator -- (Cisco Systems, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe" = C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe:*:Enabled:Cisco Unified Personal Communicator -- (Cisco Systems, Inc.)

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Steam\steamapps\common\football manager 2010\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe" = C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe:*:Enabled:Bradford Persistent Agent -- (Bradford Networks)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01

"{02383859-C71C-4AE0-80C9-12552ADA6B1E}" = Adobe Setup

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{17ABBB0D-F2B1-4C78-A64F-2DC1C1E7A4DE}" = ZENworks Desktop Management Agent

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 18

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Intel® PROSet/Wireless WiFi Software

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup

"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models

"{50063EEB-8CD5-4AA4-AA13-30699DD92629}" = Adobe Setup

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

"{5BB770DE-19FF-4D71-A0E0-1F21E1847512}" = Adobe PDistiller

"{5ED03387-DEB1-4B6D-8E28-C57C149443B3}" = Integrated Camera TWAIN

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{75CE0D7C-47A8-48C6-A220-ADF21E4FBACF}" = DecisionTools Suite Industrial 5.5.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{87C9B860-6A2E-4468-854E-35BB72B4C122}" = Symantec Antivirus

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models

"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models

"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{AC76BA86-1033-0000-7760-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073

"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro

"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C34FBF52-DDB4-44BD-82F8-02EB0E726C66}" = Cisco Unified Personal Communicator

"{C3A70E44-2DD7-4C2F-A679-3106991D2D22}" = Bradford Persistent Agent

"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.17

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

ComboFix 10-11-03.04 - ddwyer 11/04/2010 15:13:29.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2221 [GMT -4:00]

Running from: c:\documents and settings\ddwyer\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

-- Previous Run --

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

--------

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

Infected copy of c:\windows\system32\autochk.exe was found and disinfected

Restored copy from - c:\i386\AUTOCHK.EXE

.

((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))

.

2010-11-04 17:32 . 2010-11-04 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Bradford Networks

2010-11-04 17:32 . 2010-11-04 17:32 -------- d-----w- c:\program files\Bradford Networks

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\documents and settings\ddwyer\Application Data\Malwarebytes

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-04 14:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-04 14:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-24 17:02 . 2010-10-24 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive

2010-10-24 17:02 . 2010-10-24 17:02 -------- d-----w- c:\documents and settings\ddwyer\Application Data\Sports Interactive

2010-10-24 15:42 . 2010-11-04 13:56 -------- d-----w- c:\program files\Steam

2010-10-13 22:39 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 22:39 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 22:39 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 22:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-07 01:11 . 2008-04-14 09:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-10-07 01:11 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-10-07 01:11 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-10-07 01:11 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-04 19:01 . 2010-01-12 15:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2010-11-04 19:01 . 2010-01-12 15:16 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-11-04 19:01 . 2010-01-12 15:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2010-09-18 16:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2008-07-21 22:49 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-07-21 22:50 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-07-21 22:50 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-07-21 22:50 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-07-21 22:50 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-06-23 17:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-07-21 22:49 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-07-21 22:50 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-07-21 22:50 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

------- Sigcheck -------

[-] 2008-04-14 . 3E68D16CCFF5B47F8B9E851227F5A73B . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 821BAC1B59C94553FB2D3D55066B8557 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"bncsaui.exe"="c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe" [2010-07-14 2625304]

c:\documents and settings\student\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

c:\documents and settings\TMDAVIS\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

c:\documents and settings\HELPDESK\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-01-10 18:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SHOP^Start Menu^Programs^Startup^Shortcut to WBALANCE.EXE.lnk]

path=c:\documents and settings\SHOP\Start Menu\Programs\Startup\Shortcut to WBALANCE.EXE.lnk

backup=c:\windows\pss\Shortcut to WBALANCE.EXE.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^SHOP^Start Menu^Programs^Startup^Shortcut to WBALANCE.lnk]

path=c:\documents and settings\SHOP\Start Menu\Programs\Startup\Shortcut to WBALANCE.lnk

backup=c:\windows\pss\Shortcut to WBALANCE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2009-12-21 23:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]

2009-12-11 03:34 431464 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]

2009-12-11 03:34 181608 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2009-12-22 06:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2009-12-03 21:43 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]

2009-09-03 19:06 436800 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus 2010]

c:\documents and settings\ddwyer\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]

2009-12-16 06:12 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bncsaui.exe]

2010-07-14 13:30 2625304 ----a-w- c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]

2009-03-13 01:12 16384 ----a-w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateLMBCShortCut]

2009-05-15 23:49 40960 ----a-w- c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

2009-03-05 05:21 3093816 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-05-11 07:43 173592 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-05-11 07:43 141336 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]

2009-08-20 14:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]

2009-07-23 08:11 124248 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

2009-07-23 08:11 185688 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]

2009-05-28 05:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]

2004-05-17 18:27 32859 ----a-w- c:\windows\system32\dpmw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

2002-03-12 15:37 28672 ----a-w- c:\windows\system32\nwtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-05-11 07:43 142872 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]

2009-02-12 03:47 357400 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]

2009-12-16 06:12 513384 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]

2008-10-30 20:23 31744 ----a-w- c:\program files\Integrated Camera Driver\RCIMGDIR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-10-24 15:42 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-11-20 02:44 1594664 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]

2009-08-04 09:32 62240 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2009-03-13 22:32 68976 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]

2009-12-11 17:19 337256 ----a-w- c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

2008-11-24 22:42 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon]

2005-05-18 22:04 40960 ----a-w- c:\windows\system32\zentray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=

"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/10/2010 4:40 PM 24304]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 1:10 PM 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 4:15 AM 13480]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 3:03 PM 169312]

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 3:47 PM 6899]

R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [7/14/2010 9:30 AM 3063576]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/10/2010 4:40 PM 132456]

R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2/10/2010 4:42 PM 126080]

R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 3:11 PM 2773]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/19/2009 4:56 PM 243856]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/21/2010 2:32 PM 102448]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2010 11:42 PM 136176]

.

Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 03:42]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 03:42]

2009-12-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-02-16 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-19 06:12]

2010-10-29 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://r-net.rollins.edu/

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\

FF - prefs.js: browser.startup.homepage - hxxp://r-net.rollins.edu/

FF - component: c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-04 15:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)

c:\windows\system32\NETWIN32.DLL

c:\program files\Novell\ZENworks\ZENPOL32.DLL

c:\windows\system32\xmlparse.dll

- - - - - - - > 'Explorer.exe'(4196)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

c:\program files\PC-Doctor\ATLPcdToolbar544928.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Novell\XTAgent.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\LENOVO\HOTKEY\TPHKSVC.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LENOVO\HOTKEY\MICMUTE.exe

c:\program files\Intel\AMT\LMS.exe

c:\program files\Novell\ZENworks\nalntsrv.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

c:\windows\system32\rpcnet.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Novell\ZENworks\wm.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE

c:\program files\lenovo\system update\suservice.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Novell\ZENworks\WMRUNDLL.EXE

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wscntfy.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2010-11-04 15:18:31 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-04 19:18

ComboFix2.txt 2010-11-04 14:19

Pre-Run: 84,127,506,432 bytes free

Post-Run: 84,105,822,208 bytes free

- - End Of File - - 0471A0DF184D55DF1459A23330ED6ACA

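The "Reg Loading Points" section of the ComboFix log above lists every autostart entry with the binary it launches; a reviewer reading such a log looks first for binaries started from user-writable profile folders, which is exactly what the AntiVirus 2010 startupreg entry shows. The Python below is an added example, not part of the thread or of ComboFix: it parses entries in that layout (startupreg keys and the Run key) from a constructed sample modelled on the log and flags the ones that warrant a closer look.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section;
# the entries are modelled on the thread's log, not read from a live machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus 2010]

c:\documents and settings\ddwyer\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run-key values look like:  "name"="path" [date size]
RUN_NAME_RE = re.compile(r'^"(?P<name>[^"]+)"=')
# A drive-letter path (arguments included), optionally followed by a closing
# quote and a bracketed trailer such as [X] or [2006-09-28 125168].
VALUE_RE = re.compile(r'(?P<path>[A-Za-z]:\\.*?)"?(?:\s+\[(?P<trailer>[^\]]+)\])?$')
USER_PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:application data|local settings)\\", re.I)


@dataclass
class Autostart:
    name: str              # value name (Run key) or last key component (startupreg)
    key: str
    path: str
    trailer: Optional[str]


def _is_autostart_key(key: str) -> bool:
    low = key.lower()
    return "\\startupreg\\" in low or low.endswith(("\\run", "\\runonce"))


def parse_autostarts(text: str) -> List[Autostart]:
    """Collect the binary path behind every Run / startupreg entry in the log."""
    entries: List[Autostart] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        if current_key is None or not _is_autostart_key(current_key):
            continue
        vm = VALUE_RE.search(line)
        if not vm:
            continue  # no file path on this line (e.g. a dword value)
        nm = RUN_NAME_RE.match(line)
        name = nm.group("name") if nm else current_key.rsplit("\\", 1)[-1]
        entries.append(Autostart(name, current_key, vm.group("path"), vm.group("trailer")))
    return entries


def triage(entry: Autostart) -> List[str]:
    """Heuristics a reviewer applies to each autostart before deciding what to remove."""
    findings: List[str] = []
    low = entry.path.lower()
    if USER_PROFILE_RE.search(low):
        findings.append("launches from a user profile data folder (writable without admin rights)")
    if "\\temp\\" in low:
        findings.append("launches from a temp folder")
    if entry.trailer == "X":
        # ComboFix appends [X] when the referenced file is not on disk: a stale
        # entry, or one whose payload has already been removed.
        findings.append("referenced file not found on disk")
    return findings


def flag_autostarts(text: str) -> Dict[str, List[str]]:
    """Map entry name -> findings, keeping only entries with at least one finding."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_autostarts(text):
        findings = triage(entry)
        if findings:
            flagged[entry.name] = findings
    return flagged


if __name__ == "__main__":
    for name, findings in flag_autostarts(SAMPLE_LOG).items():
        print(f"{name}:")
        for f in findings:
            print(f"  - {f}")
```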

Do you have your XP disk handy?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    ;filefind
    winlogon.*
    explorer.*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


OK, please insert the XP Pro SP3 CD into the CD drive, then go to Start > Run, type in cmd and hit OK.

In the command box that opens, type in expand D:\I386\winlogon.ex_ C:\ and hit Enter.

Then type in expand D:\I386\explorer.ex_ C:\ and hit Enter.

(Note: if your CD drive has a different drive letter, replace the D:\ with the correct drive letter.)

Then make sure there are 2 files in this location: C:\Explorer.exe and C:\Winlogon.exe.

If they are there please proceed with the following.

If they are not there then do not proceed and tell me about it.

===========

Delete your version of ComboFix (if you still have it), then redownload it from here > http://www.bleepingcomputer.com/download/anti-virus/combofix

1. Please open Notepad

  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

FCopy::
C:\Explorer.exe|C:\Windows\explorer.exe
C:\Winlogon.exe|C:\Windows\system32\winlogon.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScriptB-4.gif]

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

=============


When I expand, this is what I see in the command window:

C:\Documents and Settings\ddwyer\Desktop>expand d:\i386\winlogon.ex_ c:\

Microsoft ® File Expansion Utility Version 5.1.2600.0

Copyright © Microsoft Corp 1990-1999. All rights reserved.

Expanding d:\i386\winlogon.ex_ to c:\winlogon.ex_.

d:\i386\winlogon.ex_: 265069 bytes expanded to 507904 bytes, 91% increase.

When I look in c:\, I only see winlogon.ex_ instead of winlogon.exe. The same occurs with explorer. Should I continue the ComboFix step, or did it expand incorrectly?


Here's the latest log:

ComboFix 10-11-07.A2 - ddwyer 11/09/2010 10:59:27.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.2105 [GMT -5:00]

Running from: c:\documents and settings\ddwyer\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\ddwyer\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\explorer.exe

c:\windows\temp\explorer.dat

C:\winlogon.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP6\A0004867.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP6\A0004868.exe

.

--------------- FCopy ---------------

c:\explorer.exe --> c:\Windows\explorer.exe

c:\winlogon.exe --> c:\Windows\system32\winlogon.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))

.

2010-11-09 14:24 . 2008-04-14 10:42 1033728 ----a-w- C:\explorer.ex_

2010-11-09 14:24 . 2008-04-14 10:42 507904 ----a-w- C:\winlogon.ex_

2010-11-05 20:54 . 2010-11-05 20:54 295424 ----a-w- C:\2o8u8sf4.exe

2010-11-04 17:32 . 2010-11-04 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Bradford Networks

2010-11-04 17:32 . 2010-11-04 17:32 -------- d-----w- c:\program files\Bradford Networks

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\documents and settings\ddwyer\Application Data\Malwarebytes

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-04 14:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-04 14:31 . 2010-11-04 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-04 14:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-24 17:02 . 2010-10-24 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive

2010-10-24 17:02 . 2010-10-24 17:02 -------- d-----w- c:\documents and settings\ddwyer\Application Data\Sports Interactive

2010-10-24 15:42 . 2010-11-04 13:56 -------- d-----w- c:\program files\Steam

2010-10-13 22:39 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 22:39 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-13 22:39 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 22:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-09 16:13 . 2010-01-12 15:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2010-11-09 16:13 . 2010-01-12 15:16 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-11-04 19:01 . 2010-01-12 15:14 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2010-09-18 16:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51 . 2008-07-21 22:49 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-07-21 22:50 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-07-21 22:50 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-07-21 22:50 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-07-21 22:50 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-06-23 17:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-07-21 22:49 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-07-21 22:50 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-07-21 22:50 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-11-04_19.17.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-21 22:50 . 2010-11-08 13:08 97652 c:\windows\system32\perfc009.dat

- 2010-08-21 19:31 . 2010-10-15 01:09 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-07-21 22:50 . 2010-11-08 13:08 513118 c:\windows\system32\perfh009.dat

+ 2010-08-21 19:31 . 2010-11-08 13:23 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-08-21 19:31 . 2010-11-08 13:23 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2010-08-21 19:31 . 2010-10-15 01:09 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"bncsaui.exe"="c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe" [2010-07-14 2625304]

c:\documents and settings\student\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

c:\documents and settings\TMDAVIS\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

c:\documents and settings\HELPDESK\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Shortcut to WBALANCE.lnk - c:\pcounter\WBALANCE.EXE [2009-6-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-04 417792]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-01-10 18:36 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SHOP^Start Menu^Programs^Startup^Shortcut to WBALANCE.EXE.lnk]

path=c:\documents and settings\SHOP\Start Menu\Programs\Startup\Shortcut to WBALANCE.EXE.lnk

backup=c:\windows\pss\Shortcut to WBALANCE.EXE.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^SHOP^Start Menu^Programs^Startup^Shortcut to WBALANCE.lnk]

path=c:\documents and settings\SHOP\Start Menu\Programs\Startup\Shortcut to WBALANCE.lnk

backup=c:\windows\pss\Shortcut to WBALANCE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2009-12-21 23:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]

2009-12-11 03:34 431464 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]

2009-12-11 03:34 181608 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2009-12-22 06:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2009-12-03 21:43 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]

2009-09-03 19:06 436800 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus 2010]

c:\documents and settings\ddwyer\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]

2009-12-16 06:12 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bncsaui.exe]

2010-07-14 13:30 2625304 ----a-w- c:\program files\Bradford Networks\Persistent Agent\bncsaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]

2009-03-13 01:12 16384 ----a-w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateLMBCShortCut]

2009-05-15 23:49 40960 ----a-w- c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

2009-03-05 05:21 3093816 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-05-11 07:43 173592 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-05-11 07:43 141336 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]

2009-08-20 14:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]

2009-07-23 08:11 124248 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

2009-07-23 08:11 185688 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]

2009-05-28 05:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]

2004-05-17 18:27 32859 ----a-w- c:\windows\system32\dpmw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]

2002-03-12 15:37 28672 ----a-w- c:\windows\system32\nwtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-05-11 07:43 142872 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]

2009-02-12 03:47 357400 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]

2009-12-16 06:12 513384 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]

2008-10-30 20:23 31744 ----a-w- c:\program files\Integrated Camera Driver\RCIMGDIR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 19:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-10-24 15:42 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-11-20 02:44 1594664 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]

2009-08-04 09:32 62240 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2009-03-13 22:32 68976 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]

2009-12-11 17:19 337256 ----a-w- c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

2008-11-24 22:42 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon]

2005-05-18 22:04 40960 ----a-w- c:\windows\system32\zentray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=

"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

2;2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [x]

3;2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-16 53248]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2009-12-16 24304]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 BlankScr;HBDevice; [x]

S2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [2010-07-14 3063576]

S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2009-12-16 132456]

S2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]

S2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-07-11 163840]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]

S2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2005-01-10 61440]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 126080]

S3 Darpan;Darpan;c:\windows\system32\DRIVERS\Darpan.sys [2005-05-23 2773]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [2008-09-19 243856]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-19 102448]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]

.

Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 03:42]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 03:42]

2010-11-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-02-16 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-19 06:12]

2010-11-08 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://r-net.rollins.edu/

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\

FF - prefs.js: browser.startup.homepage - hxxp://r-net.rollins.edu/

FF - component: c:\program files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-09 11:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)

c:\windows\system32\NETWIN32.DLL

c:\program files\Novell\ZENworks\ZENPOL32.DLL

c:\windows\system32\xmlparse.dll

- - - - - - - > 'Explorer.exe'(5880)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

c:\program files\PC-Doctor\ATLPcdToolbar544928.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\AMT\LMS.exe

c:\program files\Novell\ZENworks\nalntsrv.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\rpcnet.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Novell\ZENworks\wm.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Novell\ZENworks\WMRUNDLL.EXE

c:\windows\system32\wscntfy.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\imapi.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2010-11-09 11:14:21 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-09 16:14

ComboFix2.txt 2010-11-04 19:18

ComboFix3.txt 2010-11-04 14:19

Pre-Run: 83,836,112,896 bytes free

Post-Run: 83,836,882,944 bytes free

- - End Of File - - 1958A9C3ADFD6D04DC34A41E9B65A88B


Update Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


This is the first ESET scan (it got accidentally cancelled)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=073ecb0a9e042c4490c916ca38280f0c

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-11-09 08:41:44

# local_time=2010-11-09 03:41:44 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33175

# found=2

# cleaned=2

# scan_time=2709

C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\ddwyer\Application Data\Sun\Java\Deployment\cache\6.0\60\2928effc-5af1959d a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C

************************************Here is the 2nd eset scan******************************************************

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=073ecb0a9e042c4490c916ca38280f0c

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-11-09 08:41:44

# local_time=2010-11-09 03:41:44 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33175

# found=2

# cleaned=2

# scan_time=2709

C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\ddwyer\Application Data\Sun\Java\Deployment\cache\6.0\60\2928effc-5af1959d a variant of Java/TrojanDownloader.OpenStream.NAU trojan (deleted - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=073ecb0a9e042c4490c916ca38280f0c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-11-09 09:12:12

# local_time=2010-11-09 04:12:12 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=122864

# found=4

# cleaned=4

# scan_time=1526

C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.EQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP6\A0004862.exe Win32/Bamital.EQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP6\A0004863.exe Win32/Bamital.EQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

*********************Here is the malwarebytes scan***************************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5084

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/9/2010 2:43:11 PM

mbam-log-2010-11-09 (14-43-11).txt

Scan type: Quick scan

Objects scanned: 209958

Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\explorer.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\winlogon.ex_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


OTL logfile created on: 11/9/2010 5:05:49 PM - Run 2

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ddwyer\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.70 Gb Total Space | 77.98 Gb Free Space | 68.58% Space Free | Partition Type: NTFS

Computer Name: T400S | User Name: ddwyer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ddwyer\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe (Bradford Networks)

PRC - C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)

PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)

PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)

PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ddwyer\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (BNPagent) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe (Bradford Networks)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (Lenovo.micmute) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo)

SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)

SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)

SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)

SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101108.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101108.002\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (5U877) -- C:\WINDOWS\system32\drivers\5U877.sys (Ricoh co.,Ltd.)

DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)

DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)

DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)

DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)

DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)

DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)

DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)

DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)

DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)

DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)

DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)

DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)

DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)

DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)

DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)

DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r-net.rollins.edu/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://r-net.rollins.edu/"

FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0

FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 17:17:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 17:17:10 | 000,000,000 | ---D | M]

[2009/12/09 17:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Extensions

[2010/09/23 18:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\extensions

[2009/12/09 17:46:14 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\ddwyer\Application Data\Mozilla\Firefox\Profiles\ts1n7mbu.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}

[2010/09/23 18:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/10 08:04:54 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

[2010/09/14 22:42:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2008/09/10 03:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2010/11/09 11:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 1

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.1.10 10.20.1.20

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop WallPaper: C:\Documents and Settings\ddwyer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ddwyer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/21 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 14:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/09 11:11:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/05 15:49:37 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ddwyer\Desktop\OTL.exe

[2010/11/04 12:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bradford Networks

[2010/11/04 12:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bradford Networks

[2010/11/04 09:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\Application Data\Malwarebytes

[2010/11/04 09:31:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/04 09:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/04 09:31:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/04 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/04 08:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/11/04 08:41:38 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/04 08:41:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/04 08:41:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/04 08:41:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/04 08:41:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/04 08:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/04 08:39:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/02 08:41:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/24 12:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2010/10/24 12:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\My Documents\Sports Interactive

[2010/10/24 12:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ddwyer\Application Data\Sports Interactive

[2010/10/24 12:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive

[2010/10/24 12:01:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2010/10/24 12:01:18 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll

[2010/10/24 12:01:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2010/10/24 12:01:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2010/10/24 12:01:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2010/10/24 12:01:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2010/10/24 12:01:18 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2010/10/24 12:01:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2010/10/24 12:01:17 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll

[2010/10/24 12:01:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2010/10/24 12:01:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2010/10/24 12:01:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll

[2010/10/24 12:01:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2010/10/24 12:01:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2010/10/24 12:01:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2010/10/24 12:01:17 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2010/10/24 12:01:16 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2010/10/24 12:01:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2010/10/24 12:01:16 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2010/10/24 12:01:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2010/10/24 12:01:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2010/10/24 12:01:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2010/10/24 12:01:16 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2010/10/24 12:01:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2010/10/24 12:01:15 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2010/10/24 12:01:15 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2010/10/24 12:01:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2010/10/24 12:01:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2010/10/24 12:01:15 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2010/10/24 12:01:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010/10/24 12:01:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2010/10/24 12:01:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2010/10/24 12:01:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2010/10/24 12:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010/10/24 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[2010/10/13 17:39:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 17:39:12 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/13 17:39:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 17:39:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 16:55:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/11/09 16:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/09 14:48:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/09 14:45:28 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\ddwyer\ntuser.pol

[2010/11/09 14:44:48 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe

[2010/11/09 14:44:46 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll

[2010/11/09 14:44:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/09 14:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/09 12:57:25 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2010/11/09 11:17:46 | 000,513,118 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/09 11:17:46 | 000,097,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/09 11:12:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/09 10:56:29 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\ddwyer\Desktop\ComboFix.exe

[2010/11/08 15:28:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\SystemLook.exe

[2010/11/08 13:53:13 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/11/08 11:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/11/07 23:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2010/11/05 15:54:01 | 000,295,424 | ---- | M] () -- C:\2o8u8sf4.exe

[2010/11/05 15:49:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ddwyer\Desktop\OTL.exe

[2010/11/05 07:26:52 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\dds.scr

[2010/11/05 07:25:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ddwyer\defogger_reenable

[2010/11/04 15:32:58 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\etudbnek.exe

[2010/11/04 14:01:29 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll

[2010/11/04 09:31:41 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/04 08:56:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/02 08:41:36 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\ddwyer\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk

[2010/11/02 08:14:18 | 003,243,760 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Schneider.pdf

[2010/10/31 21:13:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/10/30 10:55:02 | 000,019,407 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Power rankings.docx

[2010/10/30 09:58:07 | 000,080,057 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Cisco_Project.xlsx

[2010/10/30 09:51:53 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\ddwyer\Desktop\~$Cisco_Project.xlsx

[2010/10/28 09:07:13 | 000,011,286 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Markean.xlsx

[2010/10/27 16:30:16 | 000,017,040 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Ben and Jerry's.docx

[2010/10/24 10:46:05 | 000,000,215 | -H-- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Football Manager 2010.url

[2010/10/24 10:45:02 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2010/10/20 17:38:41 | 000,158,138 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\DRE.xlsx

[2010/10/20 12:07:56 | 000,040,960 | R--- | M] () -- C:\Documents and Settings\ddwyer\Desktop\MidTermExam.xlsx

[2010/10/17 18:49:11 | 000,068,953 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\Audit.docx

[2010/10/14 22:58:08 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/14 20:10:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/12 17:39:09 | 000,022,195 | ---- | M] () -- C:\Documents and Settings\ddwyer\Desktop\DwyerPMBA43.docx

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 10:56:47 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\ddwyer\Desktop\ComboFix.exe

[2010/11/08 15:28:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\SystemLook.exe

[2010/11/05 15:54:04 | 000,295,424 | ---- | C] () -- C:\2o8u8sf4.exe

[2010/11/05 07:26:52 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\dds.scr

[2010/11/05 07:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ddwyer\defogger_reenable

[2010/11/04 15:32:55 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\etudbnek.exe

[2010/11/04 09:31:41 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/04 08:41:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/11/04 08:41:39 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/11/04 08:41:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/04 08:41:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/04 08:41:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/04 08:41:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/04 08:41:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/02 08:41:36 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\ddwyer\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk

[2010/11/02 08:14:18 | 003,243,760 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Schneider.pdf

[2010/10/30 09:51:53 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\ddwyer\Desktop\~$Cisco_Project.xlsx

[2010/10/29 08:53:39 | 000,019,407 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Power rankings.docx

[2010/10/28 09:07:13 | 000,011,286 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Markean.xlsx

[2010/10/27 16:30:15 | 000,017,040 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Ben and Jerry's.docx

[2010/10/25 10:57:56 | 000,080,057 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Cisco_Project.xlsx

[2010/10/24 10:46:05 | 000,000,215 | -H-- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Football Manager 2010.url

[2010/10/24 10:42:28 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2010/10/20 17:38:41 | 000,158,138 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\DRE.xlsx

[2010/10/20 12:07:55 | 000,040,960 | R--- | C] () -- C:\Documents and Settings\ddwyer\Desktop\MidTermExam.xlsx

[2010/10/17 18:49:11 | 000,068,953 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\Audit.docx

[2010/10/12 17:39:09 | 000,022,195 | ---- | C] () -- C:\Documents and Settings\ddwyer\Desktop\DwyerPMBA43.docx

[2010/01/12 10:33:02 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log

[2010/01/12 10:14:17 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll

[2009/12/04 09:45:32 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll

[2009/12/04 09:45:31 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll

[2009/12/04 09:45:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll

[2009/12/04 09:45:12 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini

[2009/12/04 09:45:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll

[2009/12/04 09:45:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

[2009/12/04 09:45:03 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll

[2009/08/14 11:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/06/29 08:44:59 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2009/06/29 08:44:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll

[2009/06/29 08:44:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll

[2009/06/23 19:03:44 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll

[2009/06/23 18:58:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

[2009/06/23 12:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2009/06/19 16:29:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/06/19 16:18:36 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2009/06/19 16:18:04 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009/06/19 16:15:29 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2009/06/19 16:15:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/06/19 16:13:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/06/19 16:13:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/06/19 16:13:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/06/19 16:13:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/06/19 16:13:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/06/19 16:13:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/06/19 16:07:33 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2008/07/22 10:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/07/21 09:55:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/03/16 16:09:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll

[2004/03/16 16:08:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll

[2002/05/03 09:10:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2002/04/17 16:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL

[2002/04/16 09:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2002/04/16 09:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll

[2002/04/16 09:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

< End of report >

I haven't noticed any other issues. Is there anything else I should run?

Nope, just clean up what we used.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" and click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is left over.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people for malware prevention and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" - Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.

===Free antimalware tools used for on-demand scanning and cleaning (no real-time protection unless purchased)===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
