
Inactive-A Virus or malware

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2013/04/11.

  1. 2013/04/12
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ComboFix 13-04-12.02 - mdcolliano 04/12/2013 16:49:11.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3036.1891 [GMT -4:00]
    Running from: c:\users\mdcolliano\Desktop\ComboFix.exe
    AV: AVG Internet Security Network Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security Network Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\michael\GoToAssistDownloadHelper.exe
    c:\windows\system32\test
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-12 to 2013-04-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-12 21:04 . 2013-04-12 21:04 -------- d-----w- c:\users\mdcolliano\AppData\Local\VirtualStore
    2013-04-12 20:56 . 2013-04-12 21:05 -------- d-----w- c:\users\mdcolliano\AppData\Local\temp
    2013-04-12 20:56 . 2013-04-12 20:56 -------- d-----w- c:\users\pwalsh\AppData\Local\temp
    2013-04-12 20:44 . 2013-04-12 20:45 -------- d-----w- c:\users\mdcolliano\AppData\Local\Avg2013
    2013-04-11 15:39 . 2013-03-06 22:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-04-11 15:39 . 2013-03-06 22:33 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-04-11 15:39 . 2013-03-06 22:33 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-04-11 15:39 . 2013-03-06 22:33 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-04-11 15:39 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-04-11 15:39 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-04-11 15:39 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-04-11 15:39 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-04-11 15:39 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
    2013-04-11 15:38 . 2013-04-11 15:38 -------- d-----w- c:\users\mdcolliano\AppData\Local\Programs
    2013-04-11 15:38 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
    2013-04-11 15:38 . 2013-04-11 15:38 -------- d-----w- c:\program files\AVAST Software
    2013-04-11 15:37 . 2013-04-11 15:38 -------- d-----w- c:\programdata\AVAST Software
    2013-04-11 14:00 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2013-04-08 14:10 . 2009-08-20 03:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
    2013-04-05 12:33 . 2013-04-05 12:33 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2013-04-04 15:27 . 2013-04-04 15:27 -------- d-----w- c:\users\mdcolliano\AppData\Roaming\TuneUp Software
    2013-04-04 15:06 . 2013-04-12 20:45 -------- d-----w- c:\programdata\MFAData
    2013-04-04 15:06 . 2013-04-04 15:06 -------- d-----w- c:\users\mdcolliano\AppData\Local\MFAData
    2013-04-04 14:56 . 2013-04-04 14:56 -------- d-----w- c:\users\mdcolliano\AppData\Roaming\Malwarebytes
    2013-04-03 14:16 . 2013-04-03 14:16 -------- d-----w- c:\users\mdcolliano\AppData\Local\Mozilla
    2013-03-29 00:55 . 2013-03-29 00:55 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-04 18:50 . 2012-10-15 18:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-12 04:48 . 2013-03-13 11:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 11:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-25 20:37 . 2011-03-08 18:15 84352 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2013-01-25 20:37 . 2011-03-08 18:15 53096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2013-01-25 20:37 . 2011-03-08 18:15 31592 ----a-w- c:\windows\system32\LMIport.dll
    2013-01-25 20:37 . 2011-03-08 18:15 92520 ----a-w- c:\windows\system32\LMIinit.dll
    2013-01-23 16:08 . 2012-12-10 13:21 0 ----a-w- c:\users\ga-admin\AppData\Local\WavXMapDrive.bat
    2013-01-23 16:04 . 2013-01-23 15:22 0 ----a-w- c:\users\mdcolliano\AppData\Local\WavXMapDrive.bat
    2013-01-23 15:24 . 2013-01-23 15:24 0 ----a-w- c:\users\pwalsh\AppData\Local\WavXMapDrive.bat
    2013-01-23 12:09 . 2010-03-04 15:52 0 ----a-w- c:\users\michael\AppData\Local\WavXMapDrive.bat
    2013-01-23 11:12 . 2013-01-23 11:12 9584 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    2012-05-29 17:14 . 2013-01-22 22:10 172416 ----a-w- c:\program files\64res.dll
    2013-04-12 11:54 . 2013-04-12 11:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-22 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-22 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-22 151064]
    "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-12-18 16:14 642816 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-12-19 10:38 44280 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBRMTray]
    2009-10-18 11:48 7168 ----a-w- c:\dell\DBRM\Reminder\TrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2009-06-25 02:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 aswVmm;aswVmm; [x]
    R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
    S2 KaseyaAVService;Kaseya Security Service;c:\program files\Kaseya\ADVNDS86727148827432\KasAVSrv.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWRVRT
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
    GPSvcGroup REG_MULTI_SZ GPSvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-12 c:\windows\Tasks\SDD_Daily.job
    - c:\progra~1\INTERN~1\iexplore.exe [2013-03-29 00:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.113
    FF - ProfilePath - c:\users\mdcolliano\AppData\Roaming\Mozilla\Firefox\Profiles\nuig2h3n.default\
    FF - ExtSQL: 2013-04-11 11:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
    SafeBoot-KAADVNDS86727148827432
    MSConfigStartUp-PCFixSpeed - c:\program files\PCFixSpeed\PCFixTray.exe
    MSConfigStartUp-TelevisionFanatic Browser Plugin Loader - c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe
    MSConfigStartUp-TelevisionFanatic Search Scope Monitor - c:\progra~1\TELEVI~2\bar\1.bin\64srchmn.exe
    MSConfigStartUp-USCService - c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(616)
    c:\program files\Bonjour\mdnsNSP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-12 17:08:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-12 21:08
    .
    Pre-Run: 79,150,051,328 bytes free
    Post-Run: 79,074,951,168 bytes free
    .
    - - End Of File - - D6B4234BE85CC87A22077F96F4CFF5EF
     
  2. 2013/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     


  4. 2013/04/15
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    # AdwCleaner v2.200 - Logfile created 04/15/2013 at 11:06:00
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : mdcolliano - MICHAELDELCOLLI
    # Boot Mode : Normal
    # Running from : C:\Users\mdcolliano\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g5x2m9ln.default\prefs.js

    C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g5x2m9ln.default\user.js ... Deleted !

    [OK] File is clean.

    File : C:\Users\mdcolliano\AppData\Roaming\Mozilla\Firefox\Profiles\nuig2h3n.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [909 octets] - [15/04/2013 11:06:00]

    ########## EOF - C:\AdwCleaner[S1].txt - [968 octets] ##########
     
  5. 2013/04/15
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.3 (04.05.2013:1)
    OS: Windows 7 Professional x86
    Ran by mdcolliano on Mon 04/15/2013 at 11:11:29.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\drivercure"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 04/15/2013 at 11:15:49.18
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. 2013/04/15
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    OTL logfile created on: 4/15/2013 11:18:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mdcolliano\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16521)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 68.24% Memory free
    5.93 Gb Paging File | 4.80 Gb Available in Paging File | 81.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.32 Gb Total Space | 72.53 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

    Computer Name: MICHAELDELCOLLI | User Name: mdcolliano | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/04/15 11:03:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mdcolliano\Desktop\OTL.exe
    PRC - [2013/04/12 07:54:25 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/01/25 16:37:28 | 000,137,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2013/01/25 16:37:24 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2012/11/29 11:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2012/11/29 11:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/04/11 07:16:56 | 000,229,376 | ---- | M] () -- C:\Program Files\Kaseya\ADVNDS86727148827432\KasAVSrv.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/06/02 19:26:20 | 000,132,464 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    PRC - [2009/08/26 18:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/04/12 07:54:24 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV - [2013/04/12 07:54:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/01/25 16:37:28 | 000,137,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/01/25 16:37:24 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/11/29 11:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2012/04/11 07:16:56 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Kaseya\ADVNDS86727148827432\KasAVSrv.exe -- (KaseyaAVService)
    SRV - [2010/06/02 19:26:20 | 000,132,464 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
    SRV - [2010/03/11 17:02:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/08 15:38:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\KAPFA.SYS -- (KAPFA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MDCOLL~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/01/25 16:37:44 | 000,084,352 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/11/29 11:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2012/11/29 11:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/09/04 13:35:00 | 002,747,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
    DRV - [2009/06/20 08:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
    DRV - [2009/05/11 13:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
    DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{B8E7FD63-91DB-4B27-9F06-5FA06B8CAF47}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 9E 0B DF C1 36 CE 01 [binary data]
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/11 11:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 07:54:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2013/04/03 10:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mdcolliano\AppData\Roaming\mozilla\Extensions
    [2013/04/12 07:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/12 07:54:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/04/04 08:44:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/04/04 08:44:36 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/04/12 17:04:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1156\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://schwab.webex.com/client/T27L10NSP11EP5/training/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E4EC44F-D7E7-44EE-9386-96081B51ED83}: DhcpNameServer = 192.168.1.113
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/15 11:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/04/15 11:11:22 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/04/15 11:03:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mdcolliano\Desktop\OTL.exe
    [2013/04/15 11:02:39 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\mdcolliano\Desktop\JRT.exe
    [2013/04/12 18:02:19 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\mdcolliano\Desktop\rkill.exe
    [2013/04/12 17:04:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/04/12 17:04:33 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\VirtualStore
    [2013/04/12 16:56:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/04/12 16:56:04 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\temp
    [2013/04/12 16:47:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/04/12 16:47:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/04/12 16:47:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/04/12 16:46:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/12 16:46:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/04/12 16:44:43 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\Avg2013
    [2013/04/12 16:44:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/04/12 16:41:33 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\mdcolliano\Desktop\ComboFix.exe
    [2013/04/12 07:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/04/11 16:19:11 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\Desktop\mbar
    [2013/04/11 15:55:48 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\Desktop\RK_Quarantine
    [2013/04/11 12:30:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\mdcolliano\Desktop\dds.com
    [2013/04/11 12:29:28 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\mdcolliano\Desktop\aswMBR.exe
    [2013/04/11 11:39:32 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/04/11 11:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/04/11 11:39:31 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/04/11 11:39:28 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/04/11 11:39:28 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2013/04/11 11:39:26 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/04/11 11:39:23 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/04/11 11:39:22 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/04/11 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\Programs
    [2013/04/11 11:38:44 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/04/11 11:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/04/11 11:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/04/04 11:27:18 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Roaming\TuneUp Software
    [2013/04/04 11:06:53 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\MFAData
    [2013/04/04 11:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/04/04 10:56:34 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Roaming\Malwarebytes
    [2013/04/03 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Local\Mozilla
    [2013/04/03 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\mdcolliano\AppData\Roaming\Mozilla

    ========== Files - Modified Within 30 Days ==========

    [2013/04/15 11:15:53 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/04/15 11:15:53 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/04/15 11:07:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/04/15 11:07:23 | 2387,329,024 | -HS- | M] () -- C:\hiberfil.sys
    [2013/04/15 11:03:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mdcolliano\Desktop\OTL.exe
    [2013/04/15 11:02:41 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\mdcolliano\Desktop\JRT.exe
    [2013/04/15 11:02:17 | 000,613,083 | ---- | M] () -- C:\Users\mdcolliano\Desktop\adwcleaner.exe
    [2013/04/15 09:52:00 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SDD_Daily.job
    [2013/04/12 18:02:20 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\mdcolliano\Desktop\rkill.exe
    [2013/04/12 17:04:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/04/12 16:41:38 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\mdcolliano\Desktop\ComboFix.exe
    [2013/04/11 16:00:13 | 012,894,739 | ---- | M] () -- C:\Users\mdcolliano\Desktop\mbar-1.01.0.1022.zip
    [2013/04/11 15:54:26 | 000,816,128 | ---- | M] () -- C:\Users\mdcolliano\Desktop\RogueKiller.exe
    [2013/04/11 14:00:06 | 000,000,512 | ---- | M] () -- C:\Users\mdcolliano\Desktop\MBR.dat
    [2013/04/11 12:30:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mdcolliano\Desktop\aswMBR.exe
    [2013/04/11 12:30:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\mdcolliano\Desktop\dds.com
    [2013/04/11 11:39:32 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/04/11 11:39:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/04/11 11:39:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/11 10:16:51 | 000,015,390 | ---- | M] () -- C:\Users\mdcolliano\Desktop\PrintPositionDetails.pdf
    [2013/04/10 09:50:45 | 000,037,001 | ---- | M] () -- C:\Users\mdcolliano\Documents\westbourne commentary apr 13 V - revised.pdf
    [2013/04/09 15:36:28 | 000,358,189 | ---- | M] () -- C:\Users\mdcolliano\Documents\wii commentary april,2013 draft(3).dotx
    [2013/04/05 15:14:17 | 000,047,462 | ---- | M] () -- C:\Users\mdcolliano\Documents\WII Commentary, 2013, Second Q Draft III.rtf
    [2013/04/04 15:58:12 | 000,045,675 | ---- | M] () -- C:\Users\mdcolliano\Documents\wII Commentary 2013, 2nd quarter draft.rtf
    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/04/03 15:51:35 | 000,001,990 | ---- | M] () -- C:\Users\mdcolliano\Documents\wII Commentary 2013, 2nd quarter.rtf
    [2013/03/28 21:13:37 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/03/28 21:13:37 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/03/28 20:56:46 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

    ========== Files Created - No Company Name ==========

    [2013/04/15 11:02:15 | 000,613,083 | ---- | C] () -- C:\Users\mdcolliano\Desktop\adwcleaner.exe
    [2013/04/12 16:47:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/04/12 16:47:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/04/12 16:47:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/04/12 16:47:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/04/12 16:47:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/04/11 16:00:12 | 012,894,739 | ---- | C] () -- C:\Users\mdcolliano\Desktop\mbar-1.01.0.1022.zip
    [2013/04/11 15:54:24 | 000,816,128 | ---- | C] () -- C:\Users\mdcolliano\Desktop\RogueKiller.exe
    [2013/04/11 14:00:06 | 000,000,512 | ---- | C] () -- C:\Users\mdcolliano\Desktop\MBR.dat
    [2013/04/11 11:39:32 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/04/11 11:39:26 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/04/11 11:39:25 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/04/11 10:16:51 | 000,015,390 | ---- | C] () -- C:\Users\mdcolliano\Desktop\PrintPositionDetails.pdf
    [2013/04/10 09:50:45 | 000,037,001 | ---- | C] () -- C:\Users\mdcolliano\Documents\westbourne commentary apr 13 V - revised.pdf
    [2013/04/09 15:36:27 | 000,358,189 | ---- | C] () -- C:\Users\mdcolliano\Documents\wii commentary april,2013 draft(3).dotx
    [2013/04/05 15:14:15 | 000,047,462 | ---- | C] () -- C:\Users\mdcolliano\Documents\WII Commentary, 2013, Second Q Draft III.rtf
    [2013/04/03 15:51:59 | 000,045,675 | ---- | C] () -- C:\Users\mdcolliano\Documents\wII Commentary 2013, 2nd quarter draft.rtf
    [2013/04/03 15:51:24 | 000,001,990 | ---- | C] () -- C:\Users\mdcolliano\Documents\wII Commentary 2013, 2nd quarter.rtf
    [2013/03/28 20:56:46 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2013/01/23 11:22:50 | 000,000,000 | ---- | C] () -- C:\Users\mdcolliano\AppData\Local\WavXMapDrive.bat
    [2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2013/01/22 18:10:18 | 000,172,416 | ---- | C] () -- C:\Program Files\64res.dll
    [2012/04/11 16:00:40 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/06/27 07:41:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2010/03/04 11:51:20 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/04/05 08:33:00 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/04/05 08:33:00 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/12/10 09:21:15 | 000,000,000 | ---D | M] -- C:\Users\ga-admin\AppData\Roaming\Broadcom
    [2012/12/10 09:21:16 | 000,000,000 | ---D | M] -- C:\Users\ga-admin\AppData\Roaming\Wave Systems Corp
    [2013/03/28 20:52:22 | 000,000,000 | -H-D | M] -- C:\Users\mdcolliano\AppData\Roaming\407469A9
    [2013/04/04 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\mdcolliano\AppData\Roaming\TuneUp Software
    [2013/01/23 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\mdcolliano\AppData\Roaming\Wave Systems Corp
    [2010/03/04 11:52:56 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Broadcom
    [2010/03/08 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\DriverCure
    [2010/03/08 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FileMaker
    [2010/03/08 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\FileMaker Pro
    [2011/05/27 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Juniper Networks
    [2012/04/12 07:07:10 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Lidyy
    [2012/03/20 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Lyzax
    [2010/03/04 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Wave Systems Corp
    [2010/05/20 14:49:46 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\webex
    [2010/08/20 09:22:05 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Windows Live Writer
    [2010/03/04 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Michael Del Colliano\AppData\Roaming\Broadcom
    [2010/03/04 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Del Colliano\AppData\Roaming\Wave Systems Corp
    [2013/01/23 11:24:25 | 000,000,000 | ---D | M] -- C:\Users\pwalsh\AppData\Roaming\Wave Systems Corp

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 788 bytes -> C:\Users\mdcolliano\Documents\mike kurtz.eml:OECustomProperty
    @Alternate Data Stream - 780 bytes -> C:\Users\mdcolliano\Documents\Michael PFANN.eml:OECustomProperty
    @Alternate Data Stream - 768 bytes -> C:\Users\mdcolliano\Documents\Annette's IRA.eml:OECustomProperty
    @Alternate Data Stream - 733 bytes -> C:\Users\mdcolliano\Documents\Re_ Hi, Mark!.eml:OECustomProperty
    @Alternate Data Stream - 704 bytes -> C:\Users\mdcolliano\Documents\For Kevin.eml:OECustomProperty
    @Alternate Data Stream - 566 bytes -> C:\Users\mdcolliano\Documents\Rollins Letter.eml:OECustomProperty
    @Alternate Data Stream - 566 bytes -> C:\Users\mdcolliano\Documents\Rollins Letter 2.eml:OECustomProperty

    < End of report >
     
  7. 2013/04/15
    rpicon (Thread Starter)
    PC is acting well. Able to print again. :)
     
  8. 2013/04/15
    rpicon (Thread Starter)
    Spoke too soon. Still having some issues printing. It looks like I can't print PDFs with either browser. It was working before I ran the last set of AdwCleaner, junk removal and OTL.

    Not sure what happened. Should I restart the PC?
     
  9. 2013/04/15
    broni (Moderator, Malware Analyst)
    Go ahead and see what happens.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\KAPFA.SYS -- (KAPFA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MDCOLL~1\AppData\Local\Temp\catchme.sys -- (catchme)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      @Alternate Data Stream - 788 bytes -> C:\Users\mdcolliano\Documents\mike kurtz.eml:OECustomProperty
      @Alternate Data Stream - 780 bytes -> C:\Users\mdcolliano\Documents\Michael PFANN.eml:OECustomProperty
      @Alternate Data Stream - 768 bytes -> C:\Users\mdcolliano\Documents\Annette's IRA.eml:OECustomProperty
      @Alternate Data Stream - 733 bytes -> C:\Users\mdcolliano\Documents\Re_ Hi, Mark!.eml:OECustomProperty
      @Alternate Data Stream - 704 bytes -> C:\Users\mdcolliano\Documents\For Kevin.eml:OECustomProperty
      @Alternate Data Stream - 566 bytes -> C:\Users\mdcolliano\Documents\Rollins Letter.eml:OECustomProperty
      @Alternate Data Stream - 566 bytes -> C:\Users\mdcolliano\Documents\Rollins Letter 2.eml:OECustomProperty
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warnings, so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
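    The OTL fix above does two things a reader may want to reproduce and verify by hand: it deletes the `OECustomProperty` alternate data streams that OTL listed on the .eml files, and it clears the `WebCheck` SSODL entry that OTL flagged as "No CLSID value found" (a ShellServiceObjectDelayLoad value whose CLSID has no InProcServer32 key). The PowerShell below is an added example written for this thread, not code from the forum, OTL or its author. It assumes PowerShell 3.0 or later (needed for the `-Stream` parameter), creates its own constructed sample files under %TEMP% (the .eml names are taken from the log but the files and their contents are made up for the demo), and reads the SSODL key only; the removal function is the one destructive step. On .eml files, `OECustomProperty` streams are typically written by Outlook Express / Windows Live Mail to hold message metadata, so removing them loses only that metadata, which is why the fix treats them as safe cleanup rather than an infection.

```powershell
# Added example for this thread (not from OTL or the forum post).
# Requires PowerShell 3.0+ for the -Stream parameter on Get-Item / Set-Content / Remove-Item.
# The demo folder, file names and stream contents below are constructed for illustration.

function Get-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,   # directory to scan recursively
        [string] $StreamName = '*'               # '*' = every non-default stream
    )
    Get-ChildItem -Path $Path -File -Recurse |
        ForEach-Object {
            # -Stream * lists every NTFS stream on the file; ':$DATA' is the normal file content
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -like $StreamName }
        } |
        Select-Object FileName, Stream, Length
}

function Remove-AlternateDataStream {
    # Deletes only the named stream; the file's main content is untouched.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $StreamName
    )
    $removed = 0
    foreach ($ads in (Get-AlternateDataStream -Path $Path -StreamName $StreamName)) {
        Remove-Item -LiteralPath $ads.FileName -Stream $ads.Stream
        $removed++
    }
    return $removed
}

function Get-SsodlStatus {
    # Same check OTL makes for its O21 line: each SSODL value is a CLSID that Explorer
    # loads at logon. A CLSID with no InProcServer32 key is an orphan (nothing to load);
    # one that resolves to a DLL outside the Windows directory deserves a closer look.
    $ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    $key = Get-Item -Path $ssodl -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $clsid  = $key.GetValue($name)
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $dll = $null
        if (Test-Path -Path $inproc) { $dll = (Get-Item -Path $inproc).GetValue('') }
        $status = 'orphan - no InProcServer32'
        if ($dll) { $status = 'ok' }
        [pscustomobject]@{ Name = $name; Clsid = $clsid; Dll = $dll; Status = $status }
    }
}

# --- demo on constructed input: a temp folder with two .eml files carrying an ADS ---
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
foreach ($n in 'Rollins Letter.eml', 'For Kevin.eml') {
    $f = Join-Path $demo $n
    Set-Content -LiteralPath $f -Value 'From: demo@example.invalid'          # main (:$DATA) stream
    Set-Content -LiteralPath $f -Stream OECustomProperty -Value 'demo-prop'  # the alternate stream
}

Get-AlternateDataStream -Path $demo | Format-Table -AutoSize
$count = Remove-AlternateDataStream -Path $demo -StreamName OECustomProperty
"Removed $count OECustomProperty stream(s); remaining: $((Get-AlternateDataStream -Path $demo).Count)"

Get-SsodlStatus | Format-Table -AutoSize
```

    Run `Get-AlternateDataStream -Path C:\Users\<user>\Documents` before and after the OTL fix to confirm the streams are gone, and `Get-SsodlStatus` to see whether the WebCheck entry still reports as an orphan. `dir /r` in cmd.exe shows the same streams if PowerShell 3.0 is not available on the machine.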
     
  10. 2013/04/19
    broni (Moderator, Malware Analyst)
    Still with me?
     
  11. 2013/04/24
    broni (Moderator, Malware Analyst)
    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     