

Infected by a Rootkit zeroaccess - Windows 7.


  • This topic is locked
22 replies to this topic

#1 hunkie

hunkie

  • Members
  • 72 posts

Posted 06 November 2011 - 05:25 PM

Hi,

I worked previously with etavares, who fixed the same issue on my laptop running Windows XP. I was infected with the same virus when I used this spare laptop running Windows 7. These machines are not mine; they are given by my company. I was infected by an application I installed for my iPhone from a crack site. Weeks have lapsed since I was first infected, so I did not remember the application I installed on my first machine when I was infected. Anyway, my worry is that this disables the Sophos antivirus on this machine, which means whoever uses this spare again will be prone to infections.

Hi Etavares,

Fortunately this laptop is still sitting on our IT's desk. So I borrowed it for a moment. I have run the following for you to check:

* run dds
* run gmer

Attached Files





#2 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts

Posted 06 November 2011 - 05:40 PM

By the way, I tried running the junction.exe script from Run; it will open abruptly and then close again.

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 07 November 2011 - 06:20 AM

Hello, hunkie.





Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners, as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578







Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


I'm not seeing anything active, but it does appear you don't have permission to run the antivirus. Let's try Junction one more time as it scans everything. If this doesn't work, we'll target your a/v directly to restore permission.

Please delete your copy of junction.exe (likely in C:\windows\junction.exe) and download a new copy.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No, as it may crash your system or hang up, and we don't need that info.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
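For readers who want to see what the Step 1 junction scan is looking for: the `junction -s c:\` command asks the Sysinternals tool to list every reparse point (junction or symbolic link) under C:\. The Python below is an added example, not the thread's or Sysinternals' code, that performs the same kind of walk over a constructed sample tree: it lists reparse points without following them, and records directories the scan could not open (PermissionError), which is the "no permission" symptom etavares mentions for the antivirus. On Windows it checks FILE_ATTRIBUTE_REPARSE_POINT, which covers junctions; on other platforms it falls back to symlink detection. The `ExampleAV` folder, `scanner.exe` and `scanner_redirect.exe` names are constructed for the demo.

```python
import os
import stat
import tempfile


def is_reparse_point(entry):
    """True for a Windows reparse point (junction or symlink) or a POSIX symlink."""
    try:
        st = entry.stat(follow_symlinks=False)
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", None)  # present on Windows only
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)
    return entry.is_symlink()


def scan_reparse_points(root):
    """Walk root without following links; report reparse points and unreadable directories."""
    found, denied = [], []
    pending = [root]
    while pending:
        directory = pending.pop()
        try:
            with os.scandir(directory) as it:
                for entry in it:
                    if is_reparse_point(entry):
                        try:
                            target = os.readlink(entry.path)
                        except OSError:
                            target = None
                        found.append((entry.path, target))
                        continue  # never descend through a link
                    if entry.is_dir(follow_symlinks=False):
                        pending.append(entry.path)
        except PermissionError:
            denied.append(directory)  # the "no permission" symptom discussed in the thread
        except OSError:
            pass  # vanished or unreadable for another reason; keep scanning
    return {"reparse": sorted(found), "denied": sorted(denied)}


def build_sample_tree():
    """Constructed layout: a fake AV folder with one link pointing at its scanner binary."""
    base = tempfile.mkdtemp(prefix="junction_demo_")
    av_dir = os.path.join(base, "Program Files", "ExampleAV")  # constructed name
    os.makedirs(av_dir)
    real = os.path.join(av_dir, "scanner.exe")
    with open(real, "wb") as fh:
        fh.write(b"MZ")
    link = os.path.join(av_dir, "scanner_redirect.exe")
    os.symlink(real, link)  # on Windows this needs symlink privilege or Developer Mode
    return base, link


if __name__ == "__main__":
    root, _ = build_sample_tree()
    result = scan_reparse_points(root)
    for path, target in result["reparse"]:
        print(f"reparse point: {path} -> {target}")
    for path in result["denied"]:
        print(f"access denied: {path}")
```

When run against a real system root the interesting output is a reparse point that sits inside a security product's folder or redirects one of its binaries, and any directory under the product's tree that the scan could not open; both are worth reporting in a reply like the ones in this thread.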
 


#4 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts

Posted 07 November 2011 - 04:40 PM

Hi etavares,

I appreciate your quick feedback on this. Thanks for the warning on the registry cleaner. This machine was lent to me and the application was already installed, maybe by the previous owner, but I appreciate your advice as I have used it before. As for the trusted site, maybe the previous owner made our internal homepage a trusted site, but I never thought it could be exploited by hackers. I have removed it.

Step 1 - junction

Still, as I've mentioned before, I could not run this on this Win7 machine. Not sure why. It just opens for less than a second and then closes.

Step 2

Here is the Malwarebytes log:

================================================
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8108

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/8/2011 2:29:57 AM
mbam-log-2011-11-08 (02-29-57).txt

Scan type: Quick scan
Objects scanned: 299545
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

================================================

Step 3:

Here is the log of aswMBR:

================================================
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 02:43:42
-----------------------------
02:43:42.765 OS Version: Windows 6.1.7601 Service Pack 1
02:43:42.766 Number of processors: 4 586 0x2502
02:43:42.767 ComputerName: XXX-01DG-8440P UserName: jcarbonilla
02:43:57.226 Initialize success
02:44:17.727 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:44:17.731 Disk 0 Vendor: ST932042 0006 Size: 305245MB BusType: 3
02:44:17.748 Disk 0 MBR read successfully
02:44:17.752 Disk 0 MBR scan
02:44:17.756 Disk 0 Windows 7 default MBR code
02:44:17.762 Disk 0 scanning sectors +625117184
02:44:17.848 Disk 0 scanning C:\Windows\system32\drivers
02:44:25.559 Service scanning
02:44:26.724 Modules scanning
02:44:36.740 Disk 0 trace - called modules:
02:44:36.754 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
02:44:36.757 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87819030]
02:44:36.761 3 CLASSPNP.SYS[8c19b59e] -> nt!IofCallDriver -> [0x87818808]
02:44:36.765 5 hpdskflt.sys[8c21a0be] -> nt!IofCallDriver -> [0x86d41868]
02:44:37.095 7 ACPI.sys[8ba8a3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86d51028]
02:44:37.106 Scan finished successfully
02:44:50.909 Disk 0 MBR has been saved successfully to "C:\Users\jcarbonilla\Desktop\MBR.dat"
02:44:50.914 The log file has been saved successfully to "C:\Users\jcarbonilla\Desktop\aswMBR.txt"

================================================
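The MBAM log above has a fixed shape: a header with the database version, a summary block of per-category counts, then one itemized section per category where each entry ends with the action taken. As an added example (not Malwarebytes' or the thread's own code), this Python parser reads that layout, cross-checks the summary counts against the itemized entries, and lists anything still marked "Delete on reboot", which is exactly the case the reboot note in Step 2 is about. The sample input is an abridged copy of the log posted above.

```python
import re

# Sample input: an abridged copy of the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8108

Scan type: Quick scan
Objects scanned: 299545
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
"""

# "<Category> Infected: N" is a summary line; the same text without N opens an itemized section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+Infected):\s*(?P<count>\d+)?\s*$")
# Itemized entry: <object> (<detection name>) -> <action taken>.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
KV_RE = re.compile(r"^(Database version|Objects scanned|Scan type):\s*(.+)$")


def parse_mbam_log(text):
    """Split the log into metadata, summary counts and itemized detections per category."""
    report = {"meta": {}, "summary": {}, "items": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                report["summary"][m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
                report["items"][section] = []
            continue
        kv = KV_RE.match(line)
        if kv:
            key, value = kv.groups()
            report["meta"][key] = int(value) if value.isdigit() else value
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        im = ITEM_RE.match(line)
        report["items"][section].append(
            im.groupdict() if im else {"obj": line, "threat": "?", "action": "?"})
    return report


def check_consistency(report):
    """Summary count vs. number of itemized entries, per category (a truncated paste shows up here)."""
    return [f"{name}: summary says {count}, itemized {len(report['items'].get(name, []))}"
            for name, count in report["summary"].items()
            if len(report["items"].get(name, [])) != count]


def pending_reboot(report):
    """Objects MBAM could not remove immediately; the machine must be rebooted normally."""
    return [item["obj"] for entries in report["items"].values()
            for item in entries if "reboot" in item["action"].lower()]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database version:", rep["meta"]["Database version"])
    print("consistency problems:", check_consistency(rep) or "none")
    for obj in pending_reboot(rep):
        print("pending reboot:", obj)
```

A non-empty result from `check_consistency` is the quickest way to tell that a poster pasted only part of a log, and a non-empty `pending_reboot` list means the detections are not actually gone until the normal (not safe mode) restart described in the Step 2 note has happened.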

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 08 November 2011 - 06:03 AM

Hello, hunkie.


Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window will open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :dir
    C:\Program Files\Sophos\ /s
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


etavares


 


#6 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts

Posted 08 November 2011 - 10:41 AM

Hi,

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:39 on 08/11/2011 by jcarbonilla
Administrator - Elevation successful

========== dir ==========

C:\Program Files\Sophos - Parameters: "/s"

---Files---
None found.

C:\Program Files\Sophos\AutoUpdate d------ [14:36 12/10/2011]
--a---- 232472 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ALMon.exe --a---- 494616 bytes [19:36 06/05/2011] [19:36 06/05/2011]
almon.exe.manifest --a---- 1027 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ALsvc.exe --a---- 232472 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ALUpdate.exe --a---- 744472 bytes [21:23 27/07/2011] [21:23 27/07/2011]
AUAdapter.dll --a---- 453656 bytes [19:36 06/05/2011] [19:36 06/05/2011]
boost_date_time-vc71-mt-1_32.dll --a---- 52248 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ChannelUpdater.dll --a---- 183320 bytes [19:36 06/05/2011] [19:36 06/05/2011]
cidsync.dll --a---- 183320 bytes [19:36 06/05/2011] [19:36 06/05/2011]
config.dll --a---- 109592 bytes [19:36 06/05/2011] [19:36 06/05/2011]
crypto.dll --a---- 30744 bytes [19:36 06/05/2011] [19:36 06/05/2011]
EECustomActions.dll --a---- 159744 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfig.ppi --a---- 110592 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilog.ppi --a---- 102400 bytes [19:36 06/05/2011] [19:36 06/05/2011]
inetconn.dll --a---- 142360 bytes [19:36 06/05/2011] [19:36 06/05/2011]
InstlMgr.dll --a---- 97304 bytes [19:36 06/05/2011] [19:36 06/05/2011]
isched.ppi --a---- 73728 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ispsheet.dll --a---- 76824 bytes [19:36 06/05/2011] [19:36 06/05/2011]
libcurl.dll --a---- 244760 bytes [19:36 06/05/2011] [19:36 06/05/2011]
libeay32.dll --a---- 752664 bytes [19:36 06/05/2011] [19:36 06/05/2011]
license_agreements.txt --a---- 12592 bytes [19:36 06/05/2011] [19:36 06/05/2011]
Logger.dll --a---- 191512 bytes [19:36 06/05/2011] [19:36 06/05/2011]
MFC71.dll --a---- 1060864 bytes [19:36 06/05/2011] [19:36 06/05/2011]
msvcp71.dll --a---- 503808 bytes [19:36 06/05/2011] [19:36 06/05/2011]
msvcr71.dll --a---- 348160 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ps.crl --a---- 2089 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ps_rootca.crt --a---- 1306 bytes [12:31 14/03/2011] [12:31 14/03/2011]
retailer.dll --a---- 318488 bytes [19:36 06/05/2011] [19:36 06/05/2011]
SAUConfigDLL.dll --a---- 310296 bytes [19:36 06/05/2011] [19:36 06/05/2011]
scf.dat --a---- 3022 bytes [21:23 27/07/2011] [21:23 27/07/2011]
SingleGUIPlugin.dll --a---- 203800 bytes [19:36 06/05/2011] [19:36 06/05/2011]
swlocale.dll --a---- 27160 bytes [19:36 06/05/2011] [19:36 06/05/2011]
xmlcpp.dll --a---- 125976 bytes [19:36 06/05/2011] [19:36 06/05/2011]
xmlparse.dll --a---- 48152 bytes [19:36 06/05/2011] [19:36 06/05/2011]
xmltok.dll --a---- 48152 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\de d------ [19:02 07/11/2011]
alhelp.chm --a---- 134739 bytes [21:23 27/07/2011] [21:23 27/07/2011]
almonres.dll --a---- 21528 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 14360 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11800 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 31256 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\en d------ [19:02 07/11/2011]
alhelp.chm --a---- 155511 bytes [21:23 27/07/2011] [21:23 27/07/2011]
almonres.dll --a---- 21016 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 13848 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11800 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 27672 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\es d------ [19:02 07/11/2011]
alhelp.chm --a---- 210611 bytes [21:23 27/07/2011] [21:23 27/07/2011]
almonres.dll --a---- 21528 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 14360 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11800 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 29720 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\fr d------ [19:02 07/11/2011]
alhelp.chm --a---- 164783 bytes [21:23 27/07/2011] [21:23 27/07/2011]
almonres.dll --a---- 23064 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 14360 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 12312 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 31768 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\it d------ [19:02 07/11/2011]
alhelp.chm --a---- 95533 bytes [21:23 27/07/2011] [21:23 27/07/2011]
ALMonres.dll --a---- 22552 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 14360 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 12312 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 11288 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 30744 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\ja d------ [19:02 07/11/2011]
alhelp.chm --a---- 124789 bytes [21:23 27/07/2011] [21:23 27/07/2011]
almonres.dll --a---- 18456 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 13336 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11800 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 27672 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\zh_cn d------ [19:02 07/11/2011]
alhelp.chm --a---- 200083 bytes [21:23 27/07/2011] [21:23 27/07/2011]
ALMonres.dll --a---- 16920 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 13336 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11288 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 27672 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\AutoUpdate\zh_tw d------ [19:02 07/11/2011]
alhelp.chm --a---- 165327 bytes [21:23 27/07/2011] [21:23 27/07/2011]
ALMonres.dll --a---- 16920 bytes [19:36 06/05/2011] [19:36 06/05/2011]
iconfres.dll --a---- 13336 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ilogres.dll --a---- 11288 bytes [19:36 06/05/2011] [19:36 06/05/2011]
ischdres.dll --a---- 10776 bytes [19:36 06/05/2011] [19:36 06/05/2011]
sharedres.dll --a---- 27672 bytes [19:36 06/05/2011] [19:36 06/05/2011]

C:\Program Files\Sophos\Remote Management System d------ [18:33 19/07/2011]
--a---- 282624 bytes [14:41 12/10/2011] [14:41 12/10/2011]
ace.dll --a---- 1048576 bytes [19:04 07/11/2011] [19:04 07/11/2011]
acetao-license.txt --a---- 5898 bytes [19:02 07/11/2011] [19:02 07/11/2011]
ACE_SSL.dll --a---- 56832 bytes [19:03 07/11/2011] [19:03 07/11/2011]
AutoUpdateAgentNT.exe --a---- 23040 bytes [19:04 07/11/2011] [19:04 07/11/2011]
cac.pem --a---- 1131 bytes [18:33 19/07/2011] [19:29 01/06/2011]
CertificationClientLibrary.dll --a---- 77824 bytes [19:06 07/11/2011] [19:06 07/11/2011]
CertificationLib.dll --a---- 90112 bytes [19:03 07/11/2011] [19:03 07/11/2011]
ClientMRInit-20110725-210041.log --a---- 1462 bytes [21:00 25/07/2011] [21:00 25/07/2011]
ClientMRInit.exe --a---- 102400 bytes [19:04 07/11/2011] [19:04 07/11/2011]
EmErr.dll --a---- 65536 bytes [19:02 07/11/2011] [19:02 07/11/2011]
EMLibUpdateAgentNT.exe --a---- 364544 bytes [19:06 07/11/2011] [19:06 07/11/2011]
EMTrace.dll --a---- 86016 bytes [19:03 07/11/2011] [19:03 07/11/2011]
libeay32.dll --a---- 753664 bytes [19:06 07/11/2011] [19:06 07/11/2011]
ManagementAgentNT.exe --a---- 282624 bytes [19:04 07/11/2011] [19:04 07/11/2011]
mrinit.conf --a---- 491 bytes [18:33 19/07/2011] [19:29 01/06/2011]
MSClientLib.dll --a---- 544768 bytes [19:05 07/11/2011] [19:05 07/11/2011]
msvcp71.dll --a---- 499712 bytes [19:04 07/11/2011] [19:04 07/11/2011]
msvcr71.dll --a---- 348160 bytes [19:04 07/11/2011] [19:04 07/11/2011]
openssl-license.txt --a---- 6406 bytes [19:05 07/11/2011] [19:05 07/11/2011]
RouterNT.exe --a---- 806912 bytes [19:05 07/11/2011] [19:05 07/11/2011]
RtrEvent.dll --a---- 36864 bytes [19:04 07/11/2011] [19:04 07/11/2011]
scf.dat --a---- 2988 bytes [19:03 07/11/2011] [19:03 07/11/2011]
ssleay32.dll --a---- 159744 bytes [19:03 07/11/2011] [19:03 07/11/2011]
svc.conf --a---- 246 bytes [19:03 07/11/2011] [19:03 07/11/2011]
TAO.dll --a---- 1531904 bytes [19:05 07/11/2011] [19:05 07/11/2011]
TAO_DynamicAny.dll --a---- 176128 bytes [19:06 07/11/2011] [19:06 07/11/2011]
TAO_IORInterceptor.dll --a---- 33280 bytes [19:03 07/11/2011] [19:03 07/11/2011]
TAO_ObjRefTemplate.dll --a---- 50176 bytes [19:06 07/11/2011] [19:06 07/11/2011]
TAO_PortableServer.dll --a---- 528384 bytes [19:03 07/11/2011] [19:03 07/11/2011]
TAO_Security.dll --a---- 733184 bytes [19:03 07/11/2011] [19:03 07/11/2011]
TAO_SSLIOP.dll --a---- 237568 bytes [19:05 07/11/2011] [19:05 07/11/2011]
TAO_Valuetype.dll --a---- 32256 bytes [19:06 07/11/2011] [19:06 07/11/2011]

C:\Program Files\Sophos\Sophos Anti-Virus d------ [21:00 25/07/2011]
--a---- 167960 bytes [10:11 12/10/2011] [10:11 12/10/2011]
appc01.vdb --a---- 327813 bytes [21:00 25/07/2011] [21:38 23/10/2011]
AuthorisedLists.dll --a---- 150552 bytes [20:49 25/07/2011] [20:49 25/07/2011]
BackgroundScanClient.exe --a---- 53784 bytes [20:10 25/07/2011] [20:10 25/07/2011]
BackgroundScanning.dll --a---- 71704 bytes [20:57 25/07/2011] [20:57 25/07/2011]
BHOManagement.dll --a---- 207896 bytes [20:28 25/07/2011] [20:28 25/07/2011]
Categories.dll --a---- 15384 bytes [20:06 25/07/2011] [20:06 25/07/2011]
ComponentManager.dll --a---- 89112 bytes [20:39 25/07/2011] [20:39 25/07/2011]
Configuration.dll --a---- 359960 bytes [20:39 25/07/2011] [20:39 25/07/2011]
ConfigureSAV.exe --a---- 143360 bytes [20:42 23/10/2011] [19:26 07/11/2011]
DataControlManagement.dll --a---- 836632 bytes [09:58 12/10/2011] [09:58 12/10/2011]
DataControlPlugin.dll --a---- 305688 bytes [20:37 25/07/2011] [20:37 25/07/2011]
DCManagement.dll --a---- 160280 bytes [09:47 12/10/2011] [09:47 12/10/2011]
DesktopMessaging.dll --a---- 382488 bytes [20:28 25/07/2011] [20:28 25/07/2011]
DetectionFeedback.dll --a---- 614936 bytes [20:41 25/07/2011] [20:41 25/07/2011]
DeviceControlPlugin.dll --a---- 308248 bytes [20:39 25/07/2011] [20:39 25/07/2011]
DriveProcessor.dll --a---- 156696 bytes [20:24 25/07/2011] [20:24 25/07/2011]
EEConsumer.dll --a---- 113688 bytes [20:46 25/07/2011] [20:46 25/07/2011]
FilterProcessors.dll --a---- 256024 bytes [20:53 25/07/2011] [20:53 25/07/2011]
FSDecomposer.dll --a---- 98328 bytes [20:45 25/07/2011] [20:45 25/07/2011]
HIPSConfig-1-0-4.dat --a---- 3092 bytes [21:00 25/07/2011] [19:20 07/11/2011]
HIPSRules-9-7-6.bdl --a---- 9227 bytes [15:38 08/11/2011] [15:38 08/11/2011]
ICAdapter.dll --a---- 149528 bytes [20:57 25/07/2011] [20:57 25/07/2011]
ICManagement.dll --a---- 395800 bytes [20:27 25/07/2011] [20:27 25/07/2011]
ICProcessors.dll --a---- 268824 bytes [20:06 25/07/2011] [20:06 25/07/2011]
LegacyConsumers.dll --a---- 146456 bytes [20:49 25/07/2011] [20:49 25/07/2011]
Localisation.dll --a---- 129560 bytes [20:46 25/07/2011] [20:46 25/07/2011]
Logging.dll --a---- 511000 bytes [20:41 25/07/2011] [20:41 25/07/2011]
osdp.dll --a---- 174104 bytes [21:00 25/07/2011] [09:59 12/10/2011]
Persistance.dll --a---- 100888 bytes [20:52 25/07/2011] [20:52 25/07/2011]
public.pem --a---- 451 bytes [20:26 25/07/2011] [20:26 25/07/2011]
rkdisk.dll --a---- 107760 bytes [21:00 25/07/2011] [07:11 26/08/2011]
sav32cli.exe --a---- 330776 bytes [09:43 12/10/2011] [09:43 12/10/2011]
SavAdapter.dll --a---- 979480 bytes [10:14 12/10/2011] [10:14 12/10/2011]
SAVAdminService.exe --a---- 167960 bytes [10:11 12/10/2011] [20:16 23/10/2011]
SAVCleanupService.exe --a---- 106520 bytes [20:04 25/07/2011] [20:04 25/07/2011]
SAVControl.dll --a---- 116248 bytes [10:07 12/10/2011] [10:07 12/10/2011]
SAVHelpChs.chm --a---- 298780 bytes [10:09 12/10/2011] [10:09 12/10/2011]
SAVHelpCht.chm --a---- 297342 bytes [10:09 12/10/2011] [10:09 12/10/2011]
SAVHelpDeu.chm --a---- 298296 bytes [10:12 12/10/2011] [10:12 12/10/2011]
SavHelpEng.chm --a---- 281256 bytes [09:52 12/10/2011] [09:52 12/10/2011]
SAVHelpEsp.chm --a---- 292312 bytes [10:02 12/10/2011] [10:02 12/10/2011]
SAVHelpFra.chm --a---- 310832 bytes [10:11 12/10/2011] [10:11 12/10/2011]
SAVHelpIt.chm --a---- 303619 bytes [10:15 12/10/2011] [10:15 12/10/2011]
SAVHelpJap.chm --a---- 352158 bytes [10:02 12/10/2011] [10:02 12/10/2011]
SAVI.dll --a---- 1564184 bytes [21:00 25/07/2011] [10:11 12/10/2011]
SavMain.exe --a---- 1482776 bytes [10:00 12/10/2011] [10:00 12/10/2011]
SAVMSCM.DLL --a---- 249880 bytes [20:25 25/07/2011] [20:25 25/07/2011]
SavNeutralRes.dll --a---- 1395224 bytes [20:12 25/07/2011] [20:12 25/07/2011]
savonaccessdriv.inf --a---- 3083 bytes [21:00 25/07/2011] [19:45 07/11/2011]
SavPlugin.dll --a---- 99864 bytes [20:55 25/07/2011] [20:55 25/07/2011]
SavProgress.exe --a---- 337944 bytes [20:57 25/07/2011] [20:57 25/07/2011]
SavProxy.exe --a---- 30232 bytes [21:00 25/07/2011] [19:12 07/11/2011]
SavRes.dll --a---- 593944 bytes [20:29 25/07/2011] [20:29 25/07/2011]
SavResChs.dll --a---- 170008 bytes [20:37 25/07/2011] [20:37 25/07/2011]
SavResCht.dll --a---- 170008 bytes [20:53 25/07/2011] [20:53 25/07/2011]
SavResDeu.dll --a---- 177688 bytes [20:25 25/07/2011] [20:25 25/07/2011]
SavResEng.dll --a---- 170008 bytes [20:49 25/07/2011] [20:49 25/07/2011]
SavResEsp.dll --a---- 177688 bytes [20:26 25/07/2011] [20:26 25/07/2011]
SavResFra.dll --a---- 188440 bytes [20:20 25/07/2011] [20:20 25/07/2011]
SavResIt.dll --a---- 184344 bytes [20:07 25/07/2011] [20:07 25/07/2011]
SavResJap.dll --a---- 170008 bytes [20:07 25/07/2011] [20:07 25/07/2011]
SavService.exe --a---- 99864 bytes [20:53 25/07/2011] [20:53 25/07/2011]
SavShellExt.dll --a---- 207384 bytes [20:26 25/07/2011] [20:26 25/07/2011]
savsync.upd --a---- 16420 bytes [21:00 25/07/2011] [15:30 12/10/2011]
ScanEditExports.dll --a---- 25624 bytes [20:57 25/07/2011] [20:57 25/07/2011]
ScanEditFacade.dll --a---- 204312 bytes [20:37 25/07/2011] [20:37 25/07/2011]
ScanManagement.dll --a---- 270872 bytes [20:48 25/07/2011] [20:48 25/07/2011]
scf.dat --a---- 3190 bytes [10:02 12/10/2011] [10:02 12/10/2011]
sdcdevcon.exe --a---- 56856 bytes [21:00 25/07/2011] [07:09 26/08/2011]
sdcfilter.inf --a---- 2781 bytes [21:00 25/07/2011] [19:49 07/11/2011]
sdcservice.exe --a---- 552472 bytes [21:00 25/07/2011] [10:03 12/10/2011]
Security.dll --a---- 135704 bytes [20:04 25/07/2011] [20:04 25/07/2011]
SIPSManagement.dll --a---- 537624 bytes [09:41 12/10/2011] [09:41 12/10/2011]
skmscan.inf --a---- 1767 bytes [21:00 25/07/2011] [19:30 07/11/2011]
Sophos Anti-Virus.URL --a---- 49 bytes [20:43 25/07/2011] [20:43 25/07/2011]
SophosBHO.dll --a---- 248344 bytes [20:18 25/07/2011] [20:18 25/07/2011]
SophosBHORes.dll --a---- 60440 bytes [20:59 25/07/2011] [20:59 25/07/2011]
SophosBootDriver.inf --a---- 2020 bytes [21:00 25/07/2011] [19:29 07/11/2011]
sophos_detoured.dll --ah--- 238848 bytes [21:00 25/07/2011] [06:37 26/08/2011]
sophos_detoured.dll.stf01 --ah--- 238848 bytes [21:00 25/07/2011] [19:16 07/11/2011]
SophtainerAdapter.dll --a---- 98328 bytes [20:16 25/07/2011] [20:16 25/07/2011]
sophtlib.dll --a---- 397336 bytes [10:19 12/10/2011] [09:52 12/10/2011]
sus01.vdb --a---- 12621 bytes [21:00 25/07/2011] [21:49 23/10/2011]
SWIManagement.dll --a---- 129048 bytes [20:05 25/07/2011] [20:05 25/07/2011]
SystemInformation.dll --a---- 169496 bytes [10:08 12/10/2011] [10:08 12/10/2011]
TamperProtectionControl.dll --a---- 46616 bytes [20:06 25/07/2011] [20:06 25/07/2011]
TamperProtectionManagement.dll --a---- 112664 bytes [20:05 25/07/2011] [20:05 25/07/2011]
TamperProtectionPlugin.dll --a---- 246808 bytes [20:27 25/07/2011] [20:27 25/07/2011]
ThreatDetection.dll --a---- 528408 bytes [20:22 25/07/2011] [20:22 25/07/2011]
ThreatManagement.dll --a---- 696344 bytes [20:56 25/07/2011] [20:56 25/07/2011]
Translators.dll --a---- 210968 bytes [20:42 25/07/2011] [20:42 25/07/2011]
vdl.dat --a---- 1096321 bytes [21:00 25/07/2011] [22:29 23/10/2011]
vdl01.vdb --a---- 392499 bytes [21:00 25/07/2011] [22:02 23/10/2011]
vdl02.vdb --a---- 328958 bytes [21:00 25/07/2011] [22:22 23/10/2011]
vdl03.vdb --a---- 274429 bytes [21:00 25/07/2011] [21:51 23/10/2011]
vdl04.vdb --a---- 243772 bytes [21:00 25/07/2011] [22:26 23/10/2011]
vdl05.vdb --a---- 241517 bytes [21:00 25/07/2011] [21:55 23/10/2011]
vdl06.vdb --a---- 192599 bytes [21:00 25/07/2011] [21:38 23/10/2011]
vdl07.vdb --a---- 169682 bytes [21:00 25/07/2011] [21:33 23/10/2011]
vdl08.vdb --a---- 174875 bytes [21:00 25/07/2011] [22:10 23/10/2011]
vdl09.vdb --a---- 145555 bytes [21:00 25/07/2011] [22:27 23/10/2011]
vdl10.vdb --a---- 161466 bytes [21:00 25/07/2011] [22:00 23/10/2011]
vdl11.vdb --a---- 201988 bytes [21:00 25/07/2011] [21:56 23/10/2011]
vdl12.vdb --a---- 242036 bytes [21:00 25/07/2011] [21:36 23/10/2011]
vdl13.vdb --a---- 252002 bytes [21:00 25/07/2011] [22:08 23/10/2011]
vdl14.vdb --a---- 249049 bytes [21:00 25/07/2011] [22:27 23/10/2011]
vdl15.vdb --a---- 203778 bytes [21:00 25/07/2011] [21:43 23/10/2011]
vdl16.vdb --a---- 314333 bytes [21:00 25/07/2011] [22:27 23/10/2011]
vdl17.vdb --a---- 293460 bytes [21:00 25/07/2011] [21:58 23/10/2011]
vdl18.vdb --a---- 256182 bytes [21:00 25/07/2011] [21:45 23/10/2011]
vdl19.vdb --a---- 262931 bytes [21:00 25/07/2011] [22:15 23/10/2011]
vdl20.vdb --a---- 257286 bytes [21:00 25/07/2011] [22:00 23/10/2011]
vdl21.vdb --a---- 185897 bytes [21:00 25/07/2011] [21:43 23/10/2011]
vdl22.vdb --a---- 320519 bytes [21:00 25/07/2011] [22:27 23/10/2011]
vdl23.vdb --a---- 228244 bytes [21:00 25/07/2011] [22:18 23/10/2011]
vdl24.vdb --a---- 213845 bytes [21:00 25/07/2011] [22:03 23/10/2011]
vdl25.vdb --a---- 202966 bytes [21:00 25/07/2011] [22:10 23/10/2011]
vdl26.vdb --a---- 182538 bytes [21:00 25/07/2011] [22:31 23/10/2011]
vdl27.vdb --a---- 228270 bytes [21:00 25/07/2011] [21:48 23/10/2011]
vdl28.vdb --a---- 260431 bytes [21:00 25/07/2011] [22:16 23/10/2011]
vdl29.vdb --a---- 366887 bytes [21:00 25/07/2011] [22:01 23/10/2011]
vdl30.vdb --a---- 520521 bytes [21:00 25/07/2011] [22:08 23/10/2011]
vdl31.vdb --a---- 665849 bytes [21:00 25/07/2011] [22:26 23/10/2011]
vdl32.vdb --a---- 548680 bytes [21:00 25/07/2011] [21:45 23/10/2011]
vdl33.vdb --a---- 545880 bytes [21:00 25/07/2011] [22:28 23/10/2011]
vdl34.vdb --a---- 495787 bytes [21:00 25/07/2011] [21:51 23/10/2011]
vdl35.vdb --a---- 494873 bytes [21:00 25/07/2011] [22:29 23/10/2011]
vdl36.vdb --a---- 484703 bytes [21:00 25/07/2011] [22:23 23/10/2011]
vdl37.vdb --a---- 447925 bytes [21:00 25/07/2011] [22:06 23/10/2011]
vdl38.vdb --a---- 502298 bytes [21:00 25/07/2011] [21:35 23/10/2011]
vdl39.vdb --a---- 425520 bytes [21:00 25/07/2011] [22:25 23/10/2011]
vdl40.vdb --a---- 975718 bytes [21:00 25/07/2011] [21:39 23/10/2011]
vdl41.vdb --a---- 1194445 bytes [21:00 25/07/2011] [21:57 23/10/2011]
vdl42.vdb --a---- 1766130 bytes [21:00 25/07/2011] [21:41 23/10/2011]
vdl43.vdb --a---- 1108299 bytes [21:00 25/07/2011] [22:17 23/10/2011]
vdl44.vdb --a---- 760262 bytes [21:00 25/07/2011] [22:18 23/10/2011]
vdl45.vdb --a---- 728199 bytes [21:00 25/07/2011] [21:52 23/10/2011]
vdl46.vdb --a---- 605108 bytes [10:19 12/10/2011] [22:32 23/10/2011]
veex.dll --a---- 2465816 bytes [21:00 25/07/2011] [09:56 12/10/2011]
VirusDetection.dll --a---- 635928 bytes [20:26 25/07/2011] [20:26 25/07/2011]
vvf.xml --a---- 130323 bytes [21:00 25/07/2011] [19:27 07/11/2011]
WSCClient.exe --a---- 157960 bytes [20:29 25/07/2011] [20:29 25/07/2011]
xvdl01.vdb --a---- 1592742 bytes [21:00 25/07/2011] [21:35 23/10/2011]
xvdl02.vdb --a---- 1590270 bytes [21:00 25/07/2011] [22:08 23/10/2011]
xvdl03.vdb --a---- 1591797 bytes [21:00 25/07/2011] [22:16 23/10/2011]
xvdl04.vdb --a---- 1590148 bytes [21:00 25/07/2011] [21:45 23/10/2011]
xvdl05.vdb --a---- 1590280 bytes [21:00 25/07/2011] [22:28 23/10/2011]
xvdl06.vdb --a---- 1590886 bytes [21:00 25/07/2011] [21:36 23/10/2011]
xvdl07.vdb --a---- 1590577 bytes [21:00 25/07/2011] [22:24 23/10/2011]
xvdl08.vdb --a---- 1590999 bytes [21:00 25/07/2011] [21:31 23/10/2011]
xvdl09.vdb --a---- 1591426 bytes [21:00 25/07/2011] [22:25 23/10/2011]
xvdl10.vdb --a---- 1591517 bytes [21:00 25/07/2011] [21:50 23/10/2011]
xvdl11.vdb --a---- 1590795 bytes [21:00 25/07/2011] [22:04 23/10/2011]
xvdl12.vdb --a---- 1591732 bytes [21:00 25/07/2011] [22:15 23/10/2011]
xvdl13.vdb --a---- 1590253 bytes [21:00 25/07/2011] [22:21 23/10/2011]
xvdl14.vdb --a---- 1588980 bytes [21:00 25/07/2011] [21:32 23/10/2011]
xvdl15.vdb --a---- 1589326 bytes [21:00 25/07/2011] [22:07 23/10/2011]
xvdl16.vdb --a---- 1538701 bytes [21:00 25/07/2011] [22:11 23/10/2011]
xvdl17.vdb --a---- 1616237 bytes [21:00 25/07/2011] [21:46 23/10/2011]
xvdl18.vdb --a---- 1090709 bytes [21:00 25/07/2011] [22:05 23/10/2011]
xvdl19.vdb --a---- 1679903 bytes [21:00 25/07/2011] [21:49 23/10/2011]
xvdl20.vdb --a---- 1592627 bytes [21:00 25/07/2011] [22:24 23/10/2011]
xvdl21.vdb --a---- 1577758 bytes [21:00 25/07/2011] [22:21 23/10/2011]
xvdl22.vdb --a---- 1947486 bytes [21:00 25/07/2011] [21:53 23/10/2011]
xvdl23.vdb --a---- 1240736 bytes [21:00 25/07/2011] [21:47 23/10/2011]
xvdl24.vdb --a---- 1635726 bytes [21:00 25/07/2011] [22:05 23/10/2011]
xvdl25.vdb --a---- 1479097 bytes [21:00 25/07/2011] [22:13 23/10/2011]
xvdl26.vdb --a---- 1377283 bytes [21:00 25/07/2011] [21:55 23/10/2011]
xvdl27.vdb --a---- 1381105 bytes [01:07 28/07/2011] [21:48 23/10/2011]
xvdl28.vdb --a---- 1485495 bytes [10:19 12/10/2011] [22:00 23/10/2011]
xvdl29.vdb --a---- 1972508 bytes [10:19 12/10/2011] [21:34 23/10/2011]
xvdl30.vdb --a---- 273626 bytes [10:19 12/10/2011] [22:05 23/10/2011]

C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence d------ [21:00 25/07/2011]
scf.dat --a---- 2863 bytes [09:57 12/10/2011] [09:57 12/10/2011]
swi_config.exe --a---- 1351704 bytes [09:48 12/10/2011] [09:48 12/10/2011]
swi_filter_0001.dll --a---- 461848 bytes [20:33 25/07/2011] [20:33 25/07/2011]
swi_lsp.dll --a---- 45592 bytes [20:35 25/07/2011] [20:35 25/07/2011]
swi_lsp_installer.exe --a---- 204824 bytes [20:15 25/07/2011] [20:15 25/07/2011]
swi_lsp_install_wrapper.exe --a---- 85016 bytes [20:08 25/07/2011] [20:08 25/07/2011]
swi_service.exe --a---- 1543704 bytes [09:47 12/10/2011] [09:47 12/10/2011]

-= EOF =-

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:30 AM

Posted 09 November 2011 - 06:21 AM

Hello, hunkie.


Step 1

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe
C:\Program Files\Sophos\Remote Management System\AutoUpdateAgentNT.exe
C:\Program Files\Sophos\Remote Management System\ClientMRInit.exe
C:\Program Files\Sophos\Remote Management System\EMLibUpdateAgentNT.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
C:\Program Files\Sophos\Sophos Anti-Virus\ConfigureSAV.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sav32cli.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcdevcon.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\Program Files\Sophos\Sophos Anti-Virus\WSCClient.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_config.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lsp_installer.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lsp_install_wrapper.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts
  • Local time:07:30 PM

Posted 09 November 2011 - 11:20 AM

Thanks etavares for your time again. Here is the log:


GrantPerms by Farbar
Ran by jcarbonilla (administrator) at 2011-11-10 00:18:28

===============================================
\\?\C:\Program Files\Sophos\AutoUpdate\ALMon.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Remote Management System\AutoUpdateAgentNT.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Remote Management System\ClientMRInit.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Remote Management System\EMLibUpdateAgentNT.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Remote Management System\RouterNT.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\ConfigureSAV.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\sav32cli.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SAVCleanupService.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\sdcdevcon.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\WSCClient.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_config.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lsp_installer.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_lsp_install_wrapper.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)
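The Perms.txt listing above is the kind of output an analyst compares against a known-good baseline rather than reading entry by entry. As an added example (not code from the thread, from Farbar's GrantPerms, or from Sophos), the following Python script parses that listing format and reports every file whose owner or DACL deviates from the inherited baseline that most entries show: SYSTEM FULL, Administrators FULL, Users READ/EXECUTE, all marked (I). Run on entries copied from the thread, it singles out SavService.exe, whose DACL is protected (P) and whose ACEs are explicit (NI) rather than inherited. The third sample entry, example_locked.exe, is constructed to exercise the DENY and missing-access checks and is not something the thread's log shows; the baseline values and the exact line format are assumptions drawn from the listing above.

```python
"""Audit a GrantPerms (Farbar) Perms.txt listing against an expected DACL baseline.

Added example, not code from the thread, GrantPerms or Sophos. The baseline below
is taken from the inherited entries in the thread's listing and is an assumption.
"""
import re
from dataclasses import dataclass, field

PREFIX = "\\\\?\\"  # every file entry in Perms.txt starts with \\?\
EXPECTED_OWNER = r"BUILTIN\Administrators"
EXPECTED_ALLOW = {  # principal -> minimum ALLOW rights; FULL satisfies anything
    r"NT AUTHORITY\SYSTEM": "FULL",
    r"BUILTIN\Administrators": "FULL",
    r"BUILTIN\Users": "READ/EXECUTE",
}
DACL_RE = re.compile(r"DACL((?:\([A-Z]+\))+):")  # e.g. DACL(NP)(AI):
ACE_RE = re.compile(r"(?P<who>.+?) (?P<rights>\S+) (?P<kind>ALLOW|DENY) \((?P<inh>I|NI)\)")


@dataclass
class Entry:
    path: str
    owner: str = ""
    dacl_flags: list = field(default_factory=list)  # e.g. ["NP", "AI"]
    aces: list = field(default_factory=list)        # (who, rights, kind, inherited)


def parse_perms(text):
    """Split Perms.txt into Entry objects, one per path line."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            cur = Entry(path=line[len(PREFIX):])
            entries.append(cur)
        elif cur is None or not line:
            continue  # tool header lines and blank separators
        elif line.startswith("Owner:"):
            cur.owner = line[len("Owner:"):].strip()
        elif (m := DACL_RE.fullmatch(line)):
            cur.dacl_flags = re.findall(r"\(([A-Z]+)\)", m.group(1))
        elif (m := ACE_RE.fullmatch(line)):
            cur.aces.append((m["who"], m["rights"], m["kind"], m["inh"] == "I"))
    return entries


def audit(entry):
    """Return the ways an entry deviates from the baseline; [] means it matches."""
    findings = []
    if entry.owner != EXPECTED_OWNER:
        findings.append(f"owner is {entry.owner}, expected {EXPECTED_OWNER}")
    if "P" in entry.dacl_flags:
        findings.append("DACL is protected: inheritance from the parent folder is off")
    for who, rights, kind, inherited in entry.aces:
        if kind == "DENY":
            findings.append(f"explicit DENY for {who} ({rights})")
        elif not inherited:
            findings.append(f"non-inherited ALLOW for {who} ({rights})")
    for who, need in EXPECTED_ALLOW.items():
        granted = [r for w, r, k, _ in entry.aces if w == who and k == "ALLOW"]
        if not any(r in (need, "FULL") for r in granted):
            findings.append(f"{who} lacks {need} access")
    return findings


def audit_perms(text):
    """Map each deviating path to its findings; clean entries are omitted."""
    return {e.path: f for e in parse_perms(text) if (f := audit(e))}


# Sample input: the first two entries are copied from the thread's Perms.txt;
# the third (example_locked.exe) is constructed to show a locked-down file.
SAMPLE_PERMS = r"""GrantPerms by Farbar
Ran by jcarbonilla (administrator) at 2011-11-10 00:18:28

\\?\C:\Program Files\Sophos\AutoUpdate\ALMon.exe
Owner: BUILTIN\Administrators
DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)

\\?\C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\C:\Program Files\Sophos\Sophos Anti-Virus\example_locked.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Users FULL DENY (NI)
BUILTIN\Administrators READ ALLOW (NI)
"""

if __name__ == "__main__":
    for path, findings in audit_perms(SAMPLE_PERMS).items():
        print(path)
        for f in findings:
            print("   -", f)
```

Feed it the real Perms.txt (for example `audit_perms(open("Perms.txt").read())`) to get only the entries worth a second look; an empty result means every listed file matches the inherited baseline. The script only reads the listing and changes nothing on disk, so it is safe to run before and after an Unlock to confirm what the tool actually changed.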

#9 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts
  • Local time:07:30 PM

Posted 09 November 2011 - 11:58 AM

Hi Etavares,

Upon restarting the laptop, I can see that SOPHOS is now enabled and able to update. Great work. Will wait for your further instructions.

Thanks!

hunkie

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:30 AM

Posted 09 November 2011 - 06:08 PM

Hello, hunkie.


Step 1

We need to create an OTL report,
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link.)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares




#11 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts
  • Local time:07:30 PM

Posted 09 November 2011 - 06:43 PM

Here it is, thanks again:

OTL Extras logfile created on: 11/10/2011 7:29:22 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jcarbonilla\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.59% Memory free
7.47 Gb Paging File | 6.21 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): c:\pagefile.sys 4591 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.79 Gb Total Space | 263.57 Gb Free Space | 88.51% Space Free | Partition Type: NTFS
Drive Z: | 85.00 Gb Total Space | 6.28 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: XXX-01DG-8440P | User Name: jcarbonilla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2091216543-2084118436-3301855118-7090\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"8192:TCP:10.70.63.20:enabled:RMS" = 8192:TCP:10.70.63.20:enabled:RMS
"8193:TCP:10.70.63.20:enabled:RMS" = 8193:TCP:10.70.63.20:enabled:RMS
"8194:TCP:10.70.63.20:enabled:RMS" = 8194:TCP:10.70.63.20:enabled:RMS

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22CFB202-3D2D-44E2-BB7C-6F703B99919B}" = pdfforge Toolbar v4.7
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{748FCC32-0905-4C50-A569-2654C78E6FA0}" = Cisco IP Communicator
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}" = Cisco AnyConnect VPN Client Start Before Login Components
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEB0D85D-25BA-46BC-AA3D-54CE74989D40}" = SysAid Agent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E84D1C9D-6669-4156-992B-17557D64F1D3}" = Microsoft Office Communicator 2007 R2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FC271F2D-5F1C-4366-AD4A-5AFF83BE15F0}" = EEG Anywhere 2.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Globe Broadband" = Globe Broadband
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Junction Link Magic_is1" = Junction Link Magic 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP4 Player" = MP4 Player
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PROSet" = Intel® Network Connections Drivers
"RealVNC_is1" = VNC Free Edition 4.1.3
"Sun Broadband Wireless" = Sun Broadband Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysAid_is1" = SysAid Agent version 8.0.05
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2091216543-2084118436-3301855118-7090\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 11/10/2011 7:29:20 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jcarbonilla\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.59% Memory free
7.47 Gb Paging File | 6.21 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): c:\pagefile.sys 4591 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.79 Gb Total Space | 263.57 Gb Free Space | 88.51% Space Free | Partition Type: NTFS
Drive Z: | 85.00 Gb Total Space | 6.28 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: XXX-01DG-8440P | User Name: jcarbonilla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 07:22:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jcarbonilla\Desktop\OTL.exe
PRC - [2011/11/08 03:05:30 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/11/08 03:04:13 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011/10/24 04:17:13 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2011/10/24 04:17:05 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2011/10/24 04:17:00 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/10/24 04:16:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/10/24 04:16:36 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/10/24 04:16:29 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/10/24 04:16:21 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2011/10/24 04:16:12 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/10/24 04:16:03 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011/10/24 04:15:47 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/20 19:48:57 | 000,748,568 | ---- | M] (Sophos Limited) -- \\vmsrv10\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe
PRC - [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 17:47:24 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/09/27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/07/26 04:53:02 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/07 03:36:09 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/05/07 03:36:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 20:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/03/30 09:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/02/18 14:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2010/01/22 17:35:44 | 000,309,304 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2009/11/18 20:19:46 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/11/12 03:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/05 05:46:30 | 001,098,264 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PRIVACYICONCLIENT.EXE
PRC - [2009/09/05 01:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/26 00:57:44 | 000,186,904 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2009/08/04 04:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/03 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 06:59:07 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 18:54:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 18:53:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 18:53:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/15 18:53:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/15 18:53:31 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 18:53:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/09 07:55:09 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 21:52:56 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/25 10:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinDefend)
SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - [2011/11/08 03:05:30 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/11/08 03:04:13 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/10/24 04:17:13 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2011/10/24 04:17:05 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2011/10/24 04:17:00 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/10/24 04:16:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/10/24 04:16:36 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/10/24 04:16:29 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/10/24 04:16:21 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 04:16:12 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/10/24 04:16:03 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/10/24 04:15:47 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 17:47:24 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/26 04:53:02 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/07/26 02:41:42 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Administrator\Downloads\B-Service.exe -- (B-Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/19 13:00:34 | 001,086,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SysAid\\IliAS.exe -- (SysAidAgent)
SRV - [2011/05/07 03:36:08 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/01/19 21:37:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/18 14:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/08/04 04:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/03 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/10/12 17:57:32 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/07/26 04:32:58 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/07/26 04:28:01 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011/07/26 04:13:50 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/04/13 01:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/12/04 18:45:00 | 010,370,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 20:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 20:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 18:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/18 15:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/07/17 04:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/17 04:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/04/14 14:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/02/26 13:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/14 05:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/12/18 06:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/18 20:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/12 12:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/06 06:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2009/10/29 06:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 03:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/10/12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/29 03:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 08:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/04 04:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 04:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 05:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 05:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 05:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 20:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/11 00:06:32 | 000,035,692 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CdpPacket.sys -- (CdpPacket)
DRV - [2007/12/19 01:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.dataroad.com/portal/page?_pageid=35,1&_dad=portal&_schema=PORTAL
IE - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jcarbonilla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jcarbonilla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/18 06:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/24 05:11:47 | 000,000,000 | ---D | M]

[2011/10/14 20:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jcarbonilla\AppData\Roaming\mozilla\Extensions
[2011/11/07 06:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 23:22:46 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/11/07 06:36:44 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011/10/18 06:59:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/18 06:59:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jcarbonilla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/24 05:05:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\jpascual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O15 - HKLM\..Trusted Domains: srv12m ([]file in Trusted sites)
O15 - HKLM\..Trusted Domains: zanett.com ([ebs] http in Local intranet)
O15 - HKLM\..Trusted Domains: zanett.com ([mysites] http in Local intranet)
O15 - HKLM\..Trusted Domains: zanett.com ([planet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: zanett.com ([planett] http in Local intranet)
O15 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\..Trusted Domains: zanett.com ([ebs] http in Local intranet)
O15 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\..Trusted Domains: zanett.com ([mysites] http in Local intranet)
O15 - HKU\S-1-5-21-2091216543-2084118436-3301855118-7090\..Trusted Domains: zanett.com ([planett] http in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.zanett.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {EB01EBAB-25F9-4C5B-A704-BB532C6B0A24} http://imanage.dataroad.com/em/console/monitoring/website/txn/lib/OraDHTMLRec.CAB (Oracle Web Transaction Recorder)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://vpn.zanett.com/CACHE/sdesktop/install/binaries/instweb.cab (CSD ActiveX Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.99.0.26 10.70.3.8 10.26.1.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zanett.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BAEF255-0E62-41C7-B687-FB3D6AB7E214}: NameServer = 202.126.40.5 222.127.143.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54056187-069B-44D0-BAEC-377F19F62D9A}: DhcpNameServer = 10.99.0.26 10.70.3.8 10.26.1.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/07 01:31:25 | 000,000,046 | RHS- | M] () - Z:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 07:22:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jcarbonilla\Desktop\OTL.exe
[2011/11/08 02:42:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jcarbonilla\Desktop\aswMBR.exe
[2011/11/07 06:38:08 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2011/11/07 06:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/11/07 06:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/11/07 06:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/11/07 05:59:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jcarbonilla\Desktop\dds.scr
[2011/10/31 01:33:54 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Rekenwonder_Software
[2011/10/31 01:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Rekenwonder Software
[2011/10/31 01:33:07 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Junction Link Magic
[2011/10/31 01:14:59 | 000,000,000 | ---D | C] -- C:\Windows\2901981
[2011/10/24 05:28:30 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Malwarebytes
[2011/10/24 05:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/24 05:07:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/24 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\temp
[2011/10/24 02:09:16 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\TuneAid
[2011/10/24 01:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2011/10/22 22:55:41 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Yahoo
[2011/10/20 07:40:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/20 07:28:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/20 07:28:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/20 07:28:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/20 07:26:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/20 07:26:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 07:08:36 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\DiskAid
[2011/10/20 07:00:39 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\MediaMonkey
[2011/10/20 06:50:45 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\WindSolutions
[2011/10/20 06:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/10/20 03:43:20 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/20 03:01:20 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Google
[2011/10/20 00:11:36 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Apple Computer
[2011/10/20 00:11:36 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Apple Computer
[2011/10/20 00:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/20 00:11:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/10/20 00:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/20 00:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/20 00:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/20 00:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/20 00:10:22 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Apple
[2011/10/20 00:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/20 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/20 00:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/20 00:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/18 23:47:25 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\SSH
[2011/10/16 06:56:47 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Sophos
[2011/10/16 02:57:51 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\vlc
[2011/10/16 01:20:35 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Microsoft Help
[2011/10/16 01:15:47 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\Documents\OneNote Notebooks
[2011/10/15 21:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/10/15 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/10/15 19:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globe Broadband
[2011/10/15 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Globe Broadband
[2011/10/15 18:57:32 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\ElevatedDiagnostics
[2011/10/14 21:33:18 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Cisco
[2011/10/14 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Cisco
[2011/10/14 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Mozilla
[2011/10/14 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Mozilla
[2011/10/13 04:44:03 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Users\jcarbonilla\Desktop\putty.exe
[2011/10/13 03:53:42 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\Documents\Outlook Files
[2011/10/13 03:47:52 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Adobe
[2011/10/12 22:12:53 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Identities
[2011/10/12 22:06:46 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Macromedia
[2011/10/12 22:03:44 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Adobe
[2011/10/12 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Yahoo!
[2011/10/12 22:03:37 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\Tracing
[2011/10/12 22:03:30 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Virtual Machines
[2011/10/12 22:03:30 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/12 22:03:30 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Searches
[2011/10/12 22:03:30 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Contacts
[2011/10/12 22:03:30 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/12 22:03:30 | 000,000,000 | -H-D | C] -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\AppData\Local\Temporary Internet Files
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Templates
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Start Menu
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\SendTo
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Recent
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\PrintHood
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\NetHood
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Documents\My Videos
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Documents\My Pictures
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Documents\My Music
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\My Documents
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Local Settings
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\AppData\Local\History
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Cookies
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\Application Data
[2011/10/12 22:03:16 | 000,000,000 | -HSD | C] -- C:\Users\jcarbonilla\AppData\Local\Application Data
[2011/10/12 22:03:15 | 000,000,000 | --SD | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Videos
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Saved Games
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Pictures
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Music
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Links
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Favorites
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Downloads
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Documents
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\Desktop
[2011/10/12 22:03:15 | 000,000,000 | R--D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/12 22:03:15 | 000,000,000 | -H-D | C] -- C:\Users\jcarbonilla\AppData
[2011/10/12 22:03:15 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Local\Microsoft
[2011/10/12 22:03:15 | 000,000,000 | ---D | C] -- C:\Users\jcarbonilla\AppData\Roaming\Media Center Programs
[2011/10/12 17:57:24 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/01/19 06:28:13 | 000,256,560 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011/01/19 06:28:13 | 000,213,040 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[7 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 07:25:58 | 000,021,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 07:25:58 | 000,021,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 07:22:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jcarbonilla\Desktop\OTL.exe
[2011/11/10 07:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 07:18:17 | 2407,837,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 00:48:58 | 000,628,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/10 00:48:58 | 000,107,948 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 23:38:40 | 000,139,264 | ---- | M] () -- C:\Users\jcarbonilla\Desktop\SystemLook.exe
[2011/11/08 05:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090UA.job
[2011/11/08 03:39:52 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/11/08 03:06:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090Core.job
[2011/11/08 02:44:50 | 000,000,512 | ---- | M] () -- C:\Users\jcarbonilla\Desktop\MBR.dat
[2011/11/08 02:42:58 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jcarbonilla\Desktop\aswMBR.exe
[2011/11/08 01:52:23 | 000,000,921 | ---- | M] () -- C:\Program Files\Program Files - Shortcut.lnk
[2011/11/07 06:07:51 | 000,002,399 | ---- | M] () -- C:\Users\jcarbonilla\Desktop\Google Chrome.lnk
[2011/11/07 06:02:46 | 000,302,592 | ---- | M] () -- C:\Users\jcarbonilla\Desktop\673c5kez.exe
[2011/11/07 05:57:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jcarbonilla\Desktop\dds.scr
[2011/11/02 17:13:10 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/27 05:52:00 | 000,001,272 | ---- | M] () -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/10/26 07:05:54 | 000,000,600 | ---- | M] () -- C:\Users\jcarbonilla\AppData\Local\PUTTY.RND
[2011/10/26 06:45:55 | 000,002,030 | -H-- | M] () -- C:\Users\jcarbonilla\Documents\Default.rdp
[2011/10/25 03:49:04 | 001,376,246 | ---- | M] () -- C:\Windows\umcat_01.db
[2011/10/24 05:05:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/24 01:45:10 | 000,187,612 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/10/20 00:11:29 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/17 22:39:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/16 07:31:22 | 000,410,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/16 07:24:04 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/15 19:04:51 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Globe Broadband.lnk
[2011/10/14 21:55:13 | 000,001,034 | ---- | M] () -- C:\Users\jcarbonilla\Desktop\Run VNC Viewer.lnk
[2011/10/12 22:12:51 | 000,001,111 | ---- | M] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/12 22:03:40 | 000,001,417 | ---- | M] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/12 22:03:18 | 000,002,254 | RHS- | M] () -- C:\Users\jcarbonilla\ntuser.pol
[2011/10/12 17:57:32 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[7 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 23:38:39 | 000,139,264 | ---- | C] () -- C:\Users\jcarbonilla\Desktop\SystemLook.exe
[2011/11/08 02:44:50 | 000,000,512 | ---- | C] () -- C:\Users\jcarbonilla\Desktop\MBR.dat
[2011/11/08 01:52:23 | 000,000,921 | ---- | C] () -- C:\Program Files\Program Files - Shortcut.lnk
[2011/11/07 06:02:56 | 000,302,592 | ---- | C] () -- C:\Users\jcarbonilla\Desktop\673c5kez.exe
[2011/11/02 17:13:10 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/24 01:45:10 | 000,187,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/20 07:28:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/20 07:28:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/20 07:28:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/20 07:28:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/20 07:28:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/20 04:13:54 | 001,376,246 | ---- | C] () -- C:\Windows\umcat_01.db
[2011/10/20 03:43:23 | 000,002,399 | ---- | C] () -- C:\Users\jcarbonilla\Desktop\Google Chrome.lnk
[2011/10/20 03:01:27 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090UA.job
[2011/10/20 03:01:23 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090Core.job
[2011/10/20 00:11:29 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/20 00:10:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/17 22:39:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/16 07:24:04 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/16 07:24:04 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/16 01:15:49 | 000,001,272 | ---- | C] () -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/10/15 19:04:51 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Globe Broadband.lnk
[2011/10/14 21:55:13 | 000,001,034 | ---- | C] () -- C:\Users\jcarbonilla\Desktop\Run VNC Viewer.lnk
[2011/10/13 05:08:26 | 000,000,600 | ---- | C] () -- C:\Users\jcarbonilla\AppData\Local\PUTTY.RND
[2011/10/13 04:39:58 | 000,002,030 | -H-- | C] () -- C:\Users\jcarbonilla\Documents\Default.rdp
[2011/10/12 22:12:51 | 000,001,111 | ---- | C] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/12 22:03:40 | 000,001,417 | ---- | C] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/12 22:03:31 | 000,001,423 | ---- | C] () -- C:\Users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/12 22:03:18 | 000,002,254 | RHS- | C] () -- C:\Users\jcarbonilla\ntuser.pol
[2011/10/12 22:03:15 | 000,000,290 | ---- | C] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/12 22:03:15 | 000,000,272 | ---- | C] () -- C:\Users\jcarbonilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/12 11:29:02 | 000,000,889 | ---- | C] () -- C:\Windows\dis51usr.INI
[2011/07/12 10:45:47 | 000,094,720 | ---- | C] () -- C:\Windows\System32\SH30W32.DLL
[2011/07/12 10:45:47 | 000,080,624 | ---- | C] () -- C:\Windows\System32\SH31W32.DLL
[2011/07/12 10:45:46 | 000,254,464 | ---- | C] () -- C:\Windows\System32\MSVCRT2X.DLL
[2011/06/13 07:25:31 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2011/06/13 07:25:30 | 000,684,032 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2011/06/09 07:52:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/16 16:58:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/15 14:59:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/14 13:54:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/19 22:48:40 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011/01/19 06:47:55 | 000,007,803 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/19 06:37:08 | 000,260,712 | ---- | C] () -- C:\Windows\nViewSetup.exe
[2011/01/19 06:28:13 | 001,765,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011/01/19 06:28:13 | 000,034,480 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011/01/19 06:28:13 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/01/19 06:28:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/01/09 06:42:15 | 000,036,044 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2010/02/19 09:43:00 | 000,000,256 | ---- | C] () -- C:\Windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,410,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,628,674 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,107,948 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

========== LOP Check ==========

[2011/07/20 04:48:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DigitalPersona
[2011/07/19 10:38:25 | 000,000,000 | ---D | M] -- C:\Users\bbrigham\AppData\Roaming\DigitalPersona
[2011/04/26 23:44:05 | 000,000,000 | ---D | M] -- C:\Users\broth\AppData\Roaming\KONICA MINOLTA
[2011/10/14 21:33:18 | 000,000,000 | ---D | M] -- C:\Users\jcarbonilla\AppData\Roaming\Cisco
[2011/10/27 00:45:53 | 000,000,000 | ---D | M] -- C:\Users\jcarbonilla\AppData\Roaming\DiskAid
[2011/10/19 00:42:12 | 000,000,000 | ---D | M] -- C:\Users\jcarbonilla\AppData\Roaming\SSH
[2011/10/24 03:00:22 | 000,000,000 | ---D | M] -- C:\Users\jcarbonilla\AppData\Roaming\TuneAid
[2011/10/27 00:45:35 | 000,000,000 | ---D | M] -- C:\Users\jcarbonilla\AppData\Roaming\WindSolutions
[2011/11/03 11:50:04 | 000,000,000 | ---D | M] -- C:\Users\jpascual\AppData\Roaming\Cisco
[2011/07/20 01:22:05 | 000,000,000 | ---D | M] -- C:\Users\mbalingit\AppData\Roaming\DigitalPersona
[2011/06/21 07:19:06 | 000,000,000 | ---D | M] -- C:\Users\oragd\AppData\Roaming\DigitalPersona
[2011/10/24 04:08:38 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 10:39:00 | 000,383,562 | ---- | M] () -- C:\bootmgr
[2011/01/19 06:28:21 | 000,000,171 | ---- | M] () -- C:\camera.log
[2011/10/24 05:07:01 | 000,020,642 | ---- | M] () -- C:\ComboFix.txt
[2011/05/30 15:09:06 | 000,201,426 | ---- | M] () -- C:\CommunicatorInstall.log
[2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/11/10 07:18:17 | 2407,837,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/19 06:39:20 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/09/07 15:39:20 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2011/11/10 07:18:20 | 519,045,119 | -HS- | M] () -- C:\pagefile.sys
[2011/01/19 06:40:05 | 000,000,187 | ---- | M] () -- C:\setup.log
[2011/10/24 04:44:55 | 000,179,012 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_24.10.2011_04.42.48_log.txt
[7 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp4wm.DLL
[2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 20:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/09/06 10:28:37 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2011/11/08 01:52:23 | 000,000,921 | ---- | M] () -- C:\Program Files\Program Files - Shortcut.lnk

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\ShowIconsCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\HideIconsCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\ReinstallCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\shell\open\command\\: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 20:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 20:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/18 06:59:05 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/18 06:59:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\hprotacio\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\ShowIconsCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\HideIconsCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\InstallInfo\\ReinstallCommand: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.jcarbonilla\shell\open\command\\: "C:\Users\jcarbonilla\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/10/26 16:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 20:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 20:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 20:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:30 AM

Posted 09 November 2011 - 08:52 PM

Hello, hunkie.
Please delete your copy of Combofix and download a new one.



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 hunkie

hunkie
  • Topic Starter

  • Members
  • 72 posts
  • Local time:07:30 PM

Posted 11 November 2011 - 12:56 PM

Hi Etavares,

Here is the log. I'm not part of Sophos admin so I wasn't able to disable it. But it appears it is not running. Thanks for your help!

ComboFix 11-11-11.04 - jcarbonilla 11/12/2011 1:35.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2035 [GMT 8:00]
Running from: c:\users\jcarbonilla\Desktop\etavaresCF.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~wt1E97.tmp
C:\~wtB27.tmp
C:\~wtE204.tmp
C:\~wtE56E.tmp
C:\~wtEF6C.tmp
C:\~wtF527.tmp
C:\~wtF758.tmp
c:\windows\2901981
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 17:41 . 2011-11-11 17:43 -------- d-----w- c:\users\jcarbonilla\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\hprotacio\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\oragd\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\mbalingit\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\jgrothe\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\Delete-Me\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\broth\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\bbrigham\AppData\Local\temp
2011-11-11 17:41 . 2011-11-11 17:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-06 22:38 . 2010-09-07 07:39 150392 ----a-w- C:\junction.exe
2011-11-06 22:36 . 2011-11-06 22:36 -------- d-----w- c:\program files\pdfforge Toolbar
2011-11-06 22:36 . 2011-11-06 22:36 -------- d-----w- c:\program files\Application Updater
2011-11-06 22:36 . 2011-11-06 22:36 -------- d-----w- c:\program files\Common Files\Spigot
2011-11-02 01:50 . 2011-11-02 01:50 -------- d-----w- c:\users\jpascual
2011-10-30 17:33 . 2011-10-30 17:33 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Rekenwonder_Software
2011-10-30 17:33 . 2011-10-30 17:33 -------- d-----w- c:\program files\Rekenwonder Software
2011-10-25 21:22 . 2006-02-21 11:27 81987 ----a-w- c:\windows\system32\AUCPLMNT.DLL
2011-10-23 21:28 . 2011-10-23 21:28 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\Malwarebytes
2011-10-23 20:06 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-23 18:09 . 2011-10-23 19:00 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\TuneAid
2011-10-23 17:16 . 2011-10-23 17:16 -------- d-----w- c:\program files\Aimersoft
2011-10-22 19:48 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACF4057B-AD41-4C83-9579-EC83CB469B96}\mpengine.dll
2011-10-22 14:55 . 2011-10-22 14:55 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Yahoo
2011-10-19 23:08 . 2011-10-26 16:45 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\DiskAid
2011-10-19 23:00 . 2011-10-23 17:24 -------- d-----w- c:\users\jcarbonilla\AppData\Local\MediaMonkey
2011-10-19 22:50 . 2011-10-26 16:45 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\WindSolutions
2011-10-19 22:50 . 2011-10-23 19:13 -------- d-----w- c:\programdata\WindSolutions
2011-10-19 19:01 . 2011-10-19 19:43 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Google
2011-10-19 16:11 . 2011-10-19 20:07 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\Apple Computer
2011-10-19 16:11 . 2011-10-19 16:11 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Apple Computer
2011-10-19 16:11 . 2011-10-19 16:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-19 16:11 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-19 16:11 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\program files\iTunes
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\programdata\Apple Computer
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\program files\iPod
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Apple
2011-10-19 16:10 . 2011-10-19 16:10 -------- d-----w- c:\program files\Apple Software Update
2011-10-19 16:09 . 2011-10-23 20:15 -------- d-----w- c:\program files\Bonjour
2011-10-19 16:09 . 2011-10-19 16:10 -------- d-----w- c:\program files\Common Files\Apple
2011-10-19 16:09 . 2011-10-19 16:10 -------- d-----w- c:\programdata\Apple
2011-10-18 15:47 . 2011-10-18 16:42 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\SSH
2011-10-15 23:24 . 2011-10-17 22:59 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-15 23:24 . 2011-10-17 22:59 713016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-10-15 22:56 . 2011-10-15 22:56 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Sophos
2011-10-15 18:57 . 2011-10-16 18:25 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\vlc
2011-10-15 17:20 . 2011-10-15 17:20 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Microsoft Help
2011-10-15 13:49 . 2011-10-15 13:49 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-10-15 11:04 . 2011-10-15 11:05 -------- d-----w- c:\program files\Globe Broadband
2011-10-15 10:57 . 2011-10-23 23:41 -------- d-----w- c:\users\jcarbonilla\AppData\Local\ElevatedDiagnostics
2011-10-15 02:39 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-15 02:39 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-15 02:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 02:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 14:22 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 13:33 . 2011-10-14 13:33 -------- d-----w- c:\users\jcarbonilla\AppData\Roaming\Cisco
2011-10-14 13:26 . 2011-10-14 13:26 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Cisco
2011-10-14 12:53 . 2011-10-14 12:53 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Mozilla
2011-10-12 19:47 . 2011-10-12 19:47 -------- d-----w- c:\users\jcarbonilla\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 19:39 . 2011-07-25 21:00 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-10-12 09:57 . 2011-10-12 09:57 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-08-30 15:05 . 2011-08-30 15:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 15:05 . 2011-08-30 15:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 15:05 . 2011-08-30 15:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 15:05 . 2011-08-30 15:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-10-17 22:59 . 2011-10-15 23:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-06-03 5150560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-05-06 494616]
.
c:\users\jpascual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]
.
c:\users\jcarbonilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-30 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2011-5-15 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\0\0]
"Script"=PushPrinterConnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\1\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\3\0]
"Script"=Final_Install_Sysaid.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\3\1]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-1511\Scripts\Logon\4\0]
"Script"=PushPrinterConnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6019\Scripts\Logon\0\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6019\Scripts\Logon\1\0]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6019\Scripts\Logon\1\1]
"Script"=Sysaid_Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6019\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\0\0]
"Script"=PushPrinterConnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\1\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\3\0]
"Script"=Final_Install_Sysaid.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\3\1]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6908\Scripts\Logon\4\0]
"Script"=PushPrinterConnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6951\Scripts\Logon\0\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6951\Scripts\Logon\1\0]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6951\Scripts\Logon\1\1]
"Script"=Sysaid_Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-6951\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7089\Scripts\Logon\0\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7089\Scripts\Logon\1\0]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7089\Scripts\Logon\1\1]
"Script"=Sysaid_Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7089\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7090\Scripts\Logon\0\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7090\Scripts\Logon\1\0]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7090\Scripts\Logon\1\1]
"Script"=Sysaid_Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7090\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7697\Scripts\Logon\0\0]
"Script"=sophos_install_script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7697\Scripts\Logon\1\0]
"Script"=copy_icon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7697\Scripts\Logon\1\1]
"Script"=Sysaid_Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7697\Scripts\Logon\2\0]
"Script"=Install.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2091216543-2084118436-3301855118-7697\Scripts\Logon\3\0]
"Script"=PushPrinterConnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 B-Service;B-Service;c:\users\Administrator\Downloads\B-Service.exe [2011-07-25 185640]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-28 47616]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-07-25 24312]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-07-25 22536]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-10-12 123680]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2011-07-25 31736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-10-23 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
S2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [2009-03-10 35692]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-23 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-07-25 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-12 1543704]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-23 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-10-23 497856]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-10-23 228408]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-05 214696]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-12-18 44800]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090Core.job
- c:\users\jcarbonilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 19:01]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091216543-2084118436-3301855118-7090UA.job
- c:\users\jcarbonilla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 19:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.dataroad.com/portal/page?_pageid=35,1&_dad=portal&_schema=PORTAL
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
Trusted Zone: srv12m
Trusted Zone: zanett.com\planet
TCP: DhcpNameServer = 10.99.0.26 10.70.3.8 10.26.1.25
TCP: Interfaces\{0BAEF255-0E62-41C7-B687-FB3D6AB7E214}: NameServer = 202.126.40.5 222.127.143.5
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.zanett.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {EB01EBAB-25F9-4C5B-A704-BB532C6B0A24} - hxxp://imanage.dataroad.com/em/console/monitoring/website/txn/lib/OraDHTMLRec.CAB
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://vpn.zanett.com/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\users\jcarbonilla\AppData\Roaming\Mozilla\Firefox\Profiles\vsa5zfto.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5560)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Remote Management System\RouterNT.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-11-12 01:46:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 17:46
ComboFix2.txt 2011-10-23 21:07
ComboFix3.txt 2011-10-23 20:22
ComboFix4.txt 2011-10-19 23:39
.
Pre-Run: 282,271,375,360 bytes free
Post-Run: 282,463,653,888 bytes free
.
- - End Of File - - 99A7816657BFCBDD1462D10D184E3194
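
The ComboFix log above records several defences switched off on this machine (Sophos and Windows Defender reported as disabled, EnableLUA and the other UAC values under policies\system set to 0, DisableMonitoring=1 under Security Center\Monitoring\SophosAntiVirus, the disinfected ntfs.sys, a service whose file ComboFix could not find). As an added example that is not part of this thread, ComboFix or OTL, here is a small Python triage script that flags such entries in log text; its sample lines are constructed from the posted logs, plus two OTL-style "File not found" service lines.

```python
"""Triage a ComboFix/OTL-style log for signs that host defences were switched off.

This is an added example, not part of ComboFix, OTL or the helper's instructions.
The sample below is constructed from lines of the kind that appear in the
ComboFix log posted above (AV status, the disinfected ntfs.sys, UAC policy
values, the Security Center DisableMonitoring flag, a service whose file is
missing) plus two OTL service lines of the "File not found" form.
"""
import re

# Constructed sample log (trimmed copies of the posted entries).
SAMPLE_LOG = r"""
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-07-25 99864]
SRV - File not found [Auto | Stopped] -- -- (WinDefend)
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Numeric REGEDIT-style values only; string values such as AppInit_DLLs are skipped.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:[0-9A-Fa-f]{8}|\d+)\b')
# ComboFix service entry whose image file it could not find ("[x]").
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[x\]$")
# OTL entry for a registered service with no binary on disk.
OTL_MISSING_RE = re.compile(r"^SRV - File not found .*\(([^)]+)\)$")
AV_RE = re.compile(r"^(AV|SP|FW): (.+?) \*Disabled")

# UAC policy values that should be non-zero on a healthy Windows 7 system.
UAC_MUST_BE_NONZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def triage(log_text):
    """Return (severity, message) pairs for defence-weakening entries in log_text."""
    findings = []
    key = ""  # registry key whose values are currently being listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AV_RE.match(line)
        if m:
            findings.append(("medium", f"{m.group(2)} reported as disabled ({m.group(1)})"))
            continue
        if line.startswith("Infected copy of"):
            findings.append(("high", line))
            continue
        m = OTL_MISSING_RE.match(line)
        if m:
            findings.append(("high", f"service {m.group(1)} is registered but its binary is gone"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "[x]" also covers on-demand drivers, so this needs a manual look.
            findings.append(("medium", f"service {m.group(1)} points at missing file {m.group(2)}"))
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, val = m.group(1), m.group(2)
        value = int(val[6:], 16) if val.startswith("dword:") else int(val)
        lkey = key.lower()
        if lkey.endswith("policies\\system") and name in UAC_MUST_BE_NONZERO and value == 0:
            findings.append(("high", f"UAC weakened: {name} = 0"))
        elif "security center\\monitoring\\" in lkey and name == "DisableMonitoring" and value == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(("high", f"Security Center monitoring disabled for {product}"))
    return findings


def summarize(findings):
    """Count findings by severity."""
    counts = {"high": 0, "medium": 0}
    for severity, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, message in results:
        print(f"[{severity:6}] {message}")
    print(summarize(results))
```

Feed it a whole ComboFix.txt to get the same triage over a real log; the registry-value checks only fire while a key header has been seen, so stray numeric lines elsewhere are ignored.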

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:07:30 AM

Posted 11 November 2011 - 06:07 PM

Hello, hunkie.


Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 29 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions shown below:
    Java 6 Update 14
    Java 6 Update 24
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (WinDefend)
    SRV - File not found [Auto | Stopped] -- -- (STacSV)
    SRV - File not found [Auto | Stopped] -- -- (nvsvc)
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=-
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

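The OTL fix in the post above does three things that are worth verifying independently once the machine is back up: it deletes three services whose binaries OTL reported as "File not found", it removes the DisableMonitoring value that stops Security Center from complaining about the disabled Sophos install, and the Java step leaves only one JRE behind. The following read-only audit is an added example written for this thread; it is not OTL, ComboFix, or anything etavares posted. It assumes Windows 7 with PowerShell 2.0 or later, run from an elevated prompt, and uses only the documented registry locations for services (HKLM\SYSTEM\CurrentControlSet\Services), Security Center monitoring overrides, and Add/Remove Programs. The helper function names (Resolve-ImagePath, Get-BrokenService, Get-MonitoringOverride, Get-InstalledJava) are my own.

```powershell
# Added example, not from the thread: a read-only audit of the three things the OTL fix touches.
# Assumptions: Windows 7, PowerShell 2.0+, elevated prompt. Nothing here modifies the system.

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Normalise the forms the SCM accepts into a plain file path.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }                       # \??\C:\...\x.exe
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    if ($p.StartsWith('"')) { return $p.Split('"')[1] }                       # "C:\Program Files\x.exe" /svc
    if ($p -match '^(.+?\.(exe|sys))(\s|$)') { return $Matches[1] }           # C:\...\svchost.exe -k netsvcs
    return ($p -split '\s+')[0]
}

function Get-BrokenService {
    # Win32 services (Type 0x10 own process / 0x20 shared process) whose ImagePath is empty
    # or points at a file that no longer exists. This is what OTL prints as
    # "SRV - File not found [Auto | Stopped] -- -- (Name)". Start: 2 = Auto, 3 = Manual, 4 = Disabled.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem $root) {
        $svc = Get-ItemProperty -Path $key.PSPath
        if (-not $svc.Type -or ($svc.Type -band 0x30) -eq 0) { continue }   # skip drivers and non-services
        if (-not $svc.ImagePath) {
            New-Object PSObject -Property @{ Name = $key.PSChildName; Start = $svc.Start; Problem = 'no ImagePath' }
            continue
        }
        $path = Resolve-ImagePath $svc.ImagePath
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }  # SCM resolves relative paths against %SystemRoot%
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ Name = $key.PSChildName; Start = $svc.Start; Problem = "missing $path" }
        }
    }
}

function Get-MonitoringOverride {
    # A non-zero DisableMonitoring under Security Center\Monitoring\<product> suppresses the
    # "antivirus is off" warning. The :reg block in the OTL fix deletes this value for SophosAntiVirus;
    # after the fix, this function should return nothing.
    $root = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $root)) { return }
    foreach ($key in Get-ChildItem $root) {
        $v = (Get-ItemProperty -Path $key.PSPath).DisableMonitoring
        if ($v) { New-Object PSObject -Property @{ Product = $key.PSChildName; DisableMonitoring = $v } }
    }
}

function Get-InstalledJava {
    # Every JRE still registered in Add/Remove Programs (32-bit view included on x64).
    # After step 1 only the update you just installed should be listed.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

Write-Host '== Win32 services whose binary is missing =='
Get-BrokenService | Format-Table Name, Start, Problem -AutoSize
Write-Host '== Security Center monitoring overrides =='
Get-MonitoringOverride | Format-Table Product, DisableMonitoring -AutoSize
Write-Host '== Java versions still installed =='
Get-InstalledJava | Format-Table -AutoSize
```

Two caveats. A service showing up as "missing" is not by itself evidence of malware: WinDefend, STacSV and nvsvc in the OTL output are ordinary Windows Defender, IDT audio and NVIDIA display services whose binaries were gone, which is why the fix simply deletes the stale entries rather than treating them as infections. And because this runs entirely in user mode through the registry and filesystem APIs, an active kernel rootkit such as ZeroAccess can hide exactly the entries you are looking for; treat it as a sanity check after the ComboFix/OTL cleanup, not as a substitute for the GMER scan and the logs the thread asks for.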

#15 hunkie

  • Topic Starter
  • Members
  • 72 posts

Posted 11 November 2011 - 06:42 PM

Hi etavares,

Here is the first log of OTL.

All processes killed
========== OTL ==========
Service WinDefend stopped successfully!
Service WinDefend deleted successfully!
Service STacSV stopped successfully!
Service STacSV deleted successfully!
Service nvsvc stopped successfully!
Service nvsvc deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus\\DisableMonitoring deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->FireFox cache emptied: 12418845 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: bbrigham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->Flash cache emptied: 456 bytes

User: broth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->Java cache emptied: 30703 bytes
->Flash cache emptied: 613 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Delete-Me
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: hprotacio
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: jcarbonilla
->Temp folder emptied: 6292096 bytes
->Temporary Internet Files folder emptied: 1890520 bytes
->Java cache emptied: 50008570 bytes
->FireFox cache emptied: 42666845 bytes
->Google Chrome cache emptied: 6320462 bytes
->Flash cache emptied: 470 bytes

User: jgrothe
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes

User: jpascual
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 762953 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21938408 bytes
->Flash cache emptied: 1929 bytes

User: mbalingit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes

User: oragd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3684101 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11122011_073449

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



