Computer Hope

Forum: Virus and spyware removal. Topic started by: bud51360 on October 25, 2011, 09:01:23 AM

Title: Malware Infection
Post by: bud51360 on October 25, 2011, 09:01:23 AM
I am having multiple issues and nothing I have tried so far has completely removed it. It started with a "System Restore" malware issue which I have managed to remove twice. I am now facing an issue with iexplore.exe running multiple times in processes by itself, as well as a Google redirect whenever I perform Google searches. I will also hear random audio clips playing from time to time. I have tried multiple things and I can't seem to remove it.

Thanks in advance for your time and help with this matter!

Bud

Title: Re: Malware Infection
Post by: Allan on October 25, 2011, 09:16:40 AM
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Title: Re: Malware Infection
Post by: bud51360 on October 25, 2011, 02:54:59 PM
This is a machine at my place of business.

Step 1 - Nothing out of the normal in Add or Remove Programs.

Step 2 - Ran CCleaner Slim.

Step 3 - SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2011 at 01:59 PM

Application Version : 5.0.1134

Core Rules Database Version : 7845
Trace Rules Database Version: 5657

Scan type       : Quick Scan
Total Scan Time : 00:21:05

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 804
Memory threats detected   : 0
Registry items scanned    : 32088
Registry threats detected : 0
File items scanned        : 38109
File threats detected     : 64

Adware.Tracking Cookie
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .adxpose.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .realmedia.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .realmedia.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .apmebf.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\DOCUMENTS AND SETTINGS\BFRERICHS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7YBPLH7B.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FSG
   ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\JASON\GRAND.THEFT.AUTO.SA.PLUS16TRN.DEVIOUS.ZIP )/TRAINER.EXE
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\JASON\GRAND.THEFT.AUTO.SA.PLUS16TRN.DEVIOUS.ZIP

Browser Hijacker.Favorites
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\BFRERICHS-OLDSVR\MY DOCUMENTS\FAVORITES\ONLINE SECURITY TEST.URL

Adware.GloboLook
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\~SAVED STUFF\BWF\ICONS\COMPUTER\RECYCLE BIN\MAR FULL.ICO
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\~SAVED STUFF\BWF\ICONS\MISC1\MONEY.ICO
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\~SAVED STUFF\BWF\ICONS\MISC2\PRESCRIPTION.ICO
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\~SAVED STUFF\BWF\ICONS\MONTHS\AUGUST.ICO
   C:\DOCUMENTS AND SETTINGS\BFRERICHS\DESKTOP\~2 MOVE\~SAVED STUFF\BWF\ICONS\TRANSPORTATION\CARS\58 CORVETTE.ICO

Step 4 - MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8020

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/25/2011 2:43:58 PM
mbam-log-2011-10-25 (14-43-58).txt

Scan type: Quick scan
Objects scanned: 183483
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Step 5 - Java was up to date.

Step 6 - Part 1 - DDS.txt Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by BFRERICHS at 15:27:29 on 2011-10-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1911 [GMT -5:00]
.
AV: LANDesk Antivirus client *Enabled/Updated* {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AV: LANDesk Endpoint Security *Enabled/Updated* {06FEC33C-5159-42A2-BDDE-DBEBBC1A128E}
AV: LANDesk Endpoint Security *Disabled/Updated* {15D8B765-BF1A-42AB-8FB8-686D00C9E220}
AV: LANDesk Endpoint Security *Disabled/Updated* {E3018ECE-EF1A-479C-A854-69389D6B349D}
AV: LANDesk Endpoint Security *Disabled/Updated* {E39A6D8E-E54E-443A-B734-81E7AA75AA22}
AV: LANDesk Endpoint Security *Disabled/Updated* {AD893661-E3D8-4B02-95C3-A007AD05476D}
AV: LANDesk Endpoint Security *Disabled/Updated* {C1454AA1-FD36-4367-B447-D0927DEA4578}
AV: LANDesk Endpoint Security *Disabled/Updated* {E9565059-DFF2-4E53-9D76-CA52827AB344}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\LANDesk\LDClient\HIPS\LDSecSvc.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E9CA32B\bomgar-scc.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe
C:\WINDOWS\twain_32\Dell\DELL2145\Scan2Pc.exe
C:\Program Files\LANDesk\LDClient\HIPS\ViGUARD.EXE
C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Bomgar\Representative\rs.nfcremote.com\bomgar-rep.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E9CA32B\bomgar-scc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\antivirus\avservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\agent.exe
C:\Program Files\LANDesk\LDClient\localsch.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\LANDesk\LDClient\antivirus\kavehost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 10.0.0.8:80
uInternet Settings,ProxyOverride = 10.0.0.26;10.0.0.25;10.0.0.27;192.168.7.21;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Dell PanelMgr] c:\windows\dell\panelmgr\SSMMgr.exe /autorun
mRun: [2145cn Scan2PC] "c:\windows\twain_32\dell\dell2145\Scan2Pc.exe"
mRun: [LANDesk Endpoint Security] "c:\program files\landesk\ldclient\hips\ViGUARD.EXE" /STARTUP
mRun: [LANDesk Antivirus] "c:\program files\landesk\ldclient\antivirus\LDav.exe" /systray
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bomgar~1.lnk - c:\program files\bomgar\representative\rs.nfcremote.com\bomgar-rep.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\phonem~1.lnk - c:\program files\avaya\ip office\phone manager\PhoneManager.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Web Capture - c:\program files\smarthru office\WebCapture.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cr-exchdc2
Trusted Zone: localhost
Trusted Zone: sv-mimosa-np
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245183394289
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://sv-blackberry:664/webconsole/RIMWebComponents.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://landesk.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remotesupport.unisys.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{0428620C-D4DB-48AD-9333-97872633B53B} : NameServer = 192.168.110.13,10.0.0.8
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bfrerichs\application data\mozilla\firefox\profiles\7ybplh7b.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\documents and settings\bfrerichs\application data\mozilla\firefox\profiles\7ybplh7b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\bfrerichs\application data\mozilla\firefox\profiles\7ybplh7b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\bfrerichs\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\bfrerichs\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwdplugin821.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LDSecDrv;LDSecDrv;c:\windows\system32\drivers\LDSecDrv.sys [2010-11-18 197344]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-18 320400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 bomgar-ps-1318888235-1318902157;Bomgar Jump Client [1318888235-1318902157];c:\documents and settings\all users\application data\bomgar-scc-4e9ca32b\bomgar-scc.exe [2011-10-17 919488]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2010-10-15 147456]
R2 CISMBIOS;CISMBIOS;c:\windows\system32\drivers\cismbios.sys [2010-3-23 14848]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2009-6-23 135168]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2010-11-18 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2010-11-18 178688]
R2 LDAVService;LANDesk(R) Antivirus;c:\program files\landesk\ldclient\antivirus\AVService.exe [2010-11-18 563576]
R2 LDSecSvc;LANDesk Endpoint Security;c:\program files\landesk\ldclient\hips\LDSecSvc.exe [2010-11-18 1824232]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2010-11-18 385024]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S2 a2free;a-squared Free Service;"c:\program files\a-squared free\a2service.exe" --> c:\program files\a-squared free\a2service.exe [?]
S2 bomgar-ps-1266772894-1291233131;Bomgar Jump Client [1266772894-1291233131];"c:\documents and settings\all users\application data\bomgar-scc-4b816b9e\bomgar-scc.exe" -pinned elevated --> c:\documents and settings\all users\application data\bomgar-scc-4b816b9e\bomgar-scc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\landesk\ldclient\ProcTriggerSvc.exe [2010-11-18 143360]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\landesk\ldclient\tracksvc.exe [2010-11-18 66048]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-2-19 198168]
S3 Ctedcdwbn_3.;Ctedcdwbn_3.;
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-2-19 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-2-19 73752]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-2-19 1222680]
.
=============== Created Last 30 ================
.
2011-10-25 18:36:19   --------   d-----w-   c:\documents and settings\bfrerichs\application data\SUPERAntiSpyware.com
2011-10-25 18:35:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-25 18:35:23   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-24 21:54:52   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2011-10-24 21:54:26   --------   d-----w-   c:\documents and settings\all users\application data\Hitman Pro
2011-10-24 18:04:16   208896   ----a-w-   c:\windows\MBR.exe
2011-10-24 18:04:13   98816   ----a-w-   c:\windows\sed.exe
2011-10-24 18:04:13   518144   ----a-w-   c:\windows\SWREG.exe
2011-10-24 18:02:52   --------   d-----w-   C:\ComboFix
2011-10-24 16:06:45   --------   d-----w-   C:\TDSSKiller_Quarantine
2011-10-19 17:49:01   --------   d-sha-r-   C:\cmdcons
2011-10-17 21:50:35   --------   d-----w-   c:\documents and settings\all users\application data\bomgar-scc-4E9CA32B
2011-10-17 19:59:17   --------   d-----w-   c:\documents and settings\bfrerichs\local settings\application data\Ilium_Software,_Inc
2011-10-10 20:26:58   --------   d-----w-   c:\program files\LizardLabs
2011-10-10 20:26:24   --------   d-----w-   c:\program files\Log Parser 2.2
.
==================== Find3M  ====================
.
2011-10-20 16:46:51   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-26 16:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 16:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-08-31 22:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
.
============= FINISH: 15:34:32.93 ===============

Step 6 - Part 2 - Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2009 11:33:20 AM
System Uptime: 10/25/2011 3:19:53 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RW203
Processor: Intel Pentium III Xeon processor | CPU | 2493/1333mhz
.
==== Disk Partitions =========================
.
B: is Removable
C: is FIXED (NTFS) - 298 GiB total, 232.554 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is NetworkDisk (NTFS) - 422 GiB total, 399.958 GiB free.
G: is Removable
Q: is Removable
R: is Removable
S: is Removable
T: is Removable
W: is Removable
X: is CDROM (CDFS)
Y: is NetworkDisk (NTFS) - 422 GiB total, 399.958 GiB free.
Z: is NetworkDisk (NTFS) - 233 GiB total, 30.023 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP463: 7/27/2011 7:18:44 PM - System Checkpoint
RP464: 7/28/2011 7:49:52 PM - System Checkpoint
RP465: 7/29/2011 8:50:50 PM - System Checkpoint
RP466: 7/30/2011 9:24:50 PM - System Checkpoint
RP467: 7/31/2011 10:24:49 PM - System Checkpoint
RP468: 8/1/2011 10:36:49 PM - System Checkpoint
RP469: 8/2/2011 11:24:49 PM - System Checkpoint
RP470: 8/3/2011 11:50:17 PM - System Checkpoint
RP471: 8/5/2011 12:24:50 AM - System Checkpoint
RP472: 8/6/2011 12:36:49 AM - System Checkpoint
RP473: 8/7/2011 12:38:46 AM - System Checkpoint
RP474: 8/8/2011 12:59:34 PM - System Checkpoint
RP475: 8/8/2011 2:22:27 PM - Software Distribution Service 3.0
RP476: 8/8/2011 2:29:15 PM - Software Distribution Service 3.0
RP477: 8/9/2011 3:33:17 PM - System Checkpoint
RP478: 8/10/2011 3:36:06 PM - System Checkpoint
RP479: 8/11/2011 5:20:40 PM - System Checkpoint
RP480: 8/12/2011 5:29:26 PM - System Checkpoint
RP481: 8/13/2011 5:36:35 PM - System Checkpoint
RP482: 8/14/2011 6:37:07 PM - System Checkpoint
RP483: 8/15/2011 7:01:06 PM - System Checkpoint
RP484: 8/16/2011 8:15:07 PM - System Checkpoint
RP485: 8/17/2011 9:20:48 PM - System Checkpoint
RP486: 8/18/2011 9:24:43 PM - System Checkpoint
RP487: 8/19/2011 9:36:43 PM - System Checkpoint
RP488: 8/20/2011 10:24:41 PM - System Checkpoint
RP489: 8/21/2011 11:36:40 PM - System Checkpoint
RP490: 8/23/2011 12:24:39 AM - System Checkpoint
RP491: 8/24/2011 1:24:38 AM - System Checkpoint
RP492: 8/25/2011 1:49:08 AM - System Checkpoint
RP493: 8/26/2011 1:49:39 AM - System Checkpoint
RP494: 8/27/2011 2:50:05 AM - System Checkpoint
RP495: 8/28/2011 3:50:07 AM - System Checkpoint
RP496: 8/29/2011 3:50:37 AM - System Checkpoint
RP497: 8/30/2011 3:51:07 AM - System Checkpoint
RP498: 8/31/2011 4:36:36 AM - System Checkpoint
RP499: 9/1/2011 5:36:37 AM - System Checkpoint
RP500: 9/1/2011 2:42:42 PM - Software Distribution Service 3.0
RP501: 9/2/2011 4:18:19 PM - System Checkpoint
RP502: 9/3/2011 5:23:18 PM - System Checkpoint
RP503: 9/4/2011 7:00:49 PM - System Checkpoint
RP504: 9/5/2011 7:13:04 PM - System Checkpoint
RP505: 9/6/2011 7:14:06 PM - System Checkpoint
RP506: 9/7/2011 8:11:33 PM - System Checkpoint
RP507: 9/8/2011 9:11:36 PM - System Checkpoint
RP508: 9/9/2011 9:59:30 PM - System Checkpoint
RP509: 9/10/2011 10:11:29 PM - System Checkpoint
RP510: 9/11/2011 10:59:27 PM - System Checkpoint
RP511: 9/12/2011 10:59:41 PM - System Checkpoint
RP512: 9/14/2011 12:11:25 AM - System Checkpoint
RP513: 9/15/2011 12:59:24 AM - System Checkpoint
RP514: 9/16/2011 1:59:25 AM - System Checkpoint
RP515: 9/16/2011 8:11:38 AM - Software Distribution Service 3.0
RP516: 9/17/2011 9:27:46 AM - System Checkpoint
RP517: 9/18/2011 10:25:24 AM - System Checkpoint
RP518: 9/19/2011 12:08:28 PM - System Checkpoint
RP519: 9/20/2011 12:51:21 PM - System Checkpoint
RP520: 9/22/2011 12:01:10 PM - Installed Staples USB-to-Serial Adapter
RP521: 9/24/2011 7:11:18 PM - System Checkpoint
RP522: 9/25/2011 7:58:48 PM - System Checkpoint
RP523: 9/26/2011 8:11:20 PM - System Checkpoint
RP524: 9/27/2011 8:59:20 PM - System Checkpoint
RP525: 9/28/2011 9:11:17 PM - System Checkpoint
RP526: 9/29/2011 9:47:03 AM - Software Distribution Service 3.0
RP527: 9/29/2011 10:17:40 AM - Software Distribution Service 3.0
RP528: 9/30/2011 12:37:47 PM - System Checkpoint
RP529: 10/1/2011 1:01:23 PM - System Checkpoint
RP530: 10/2/2011 2:02:22 PM - System Checkpoint
RP531: 10/3/2011 3:00:21 PM - System Checkpoint
RP532: 10/4/2011 4:05:01 PM - System Checkpoint
RP533: 10/5/2011 4:46:52 PM - System Checkpoint
RP534: 10/6/2011 5:23:04 PM - System Checkpoint
RP535: 10/7/2011 5:34:15 PM - System Checkpoint
RP536: 10/8/2011 5:56:21 PM - System Checkpoint
RP537: 10/9/2011 7:20:42 PM - System Checkpoint
RP538: 10/10/2011 3:26:23 PM - Installed Log Parser 2.2
RP539: 10/10/2011 3:26:56 PM - Installed Log Parser Lizard
RP540: 10/11/2011 4:02:34 PM - System Checkpoint
RP541: 10/12/2011 7:32:48 PM - System Checkpoint
RP542: 10/13/2011 12:35:32 PM - Software Distribution Service 3.0
RP543: 10/13/2011 2:55:00 PM - Software Distribution Service 3.0
RP544: 10/14/2011 3:05:28 PM - System Checkpoint
RP545: 10/15/2011 4:17:26 PM - System Checkpoint
RP546: 10/16/2011 5:17:27 PM - System Checkpoint
RP547: 10/17/2011 5:31:09 PM - System Checkpoint
RP548: 10/18/2011 7:17:39 PM - System Checkpoint
RP549: 10/19/2011 8:00:27 PM - System Checkpoint
RP550: 10/20/2011 9:00:53 PM - System Checkpoint
RP551: 10/21/2011 9:01:21 PM - System Checkpoint
RP552: 10/22/2011 9:02:21 PM - System Checkpoint
RP553: 10/23/2011 10:02:49 PM - System Checkpoint
RP554: 10/24/2011 10:27:36 PM - System Checkpoint
RP555: 10/25/2011 2:32:33 PM - Installed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
32 bit Windows Card Reader Driver
a-squared Free 4.5
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11.6
Advanced SystemCare 3
APC PowerChute Personal Edition
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 6.0
BlackBerry Device Communication Components
Bomgar Jump Client [rs.nfcremote.com] [1247521220]
Bomgar Jump Client 11.1.3 [rs.nfcremote.com] [1318888235]
Bomgar Representative Console 11.1.3 [rs.nfcremote.com]
Broadcom Gigabit Integrated Controller
CCleaner
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell 2145cn Color Laser MFP
Dell Printer Software
Dell Resource CD
Deskcalc Pro
Deskcalc SE
eWallet 7.2 for BlackBerry
Fences
ffdshow [rev 3072] [2009-09-12]
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDEAL Administration
Intel(R) SMBus
IP Office User Suite
Java Auto Updater
Java(TM) 6 Update 29
Juniper Networks Secure Meeting 5.5.0
KhalInstallWrapper
LANDesk Advance Agent
LANDesk(R) Antivirus
LANDesk(R) Common Base Agent 8
LightEdge WebShare
Log Parser 2.2
Log Parser Lizard
Logitech Desktop Messenger
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Visio Standard 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XML Parser
Move Media Player
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Opera 9.64
PhoneManager
PowerDVD
QuickTime
Readiris Pro 10
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
RTC Client API v1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SnagIt 7
Sonic CinePlayer Decoder Pack
Staples USB-to-Serial Adapter 2.03
SUPERAntiSpyware
swMSM
TAPI
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Tyre
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
WebEx
WebFldrs XP
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
XP Codec Pack
ZixMail
.
==== Event Viewer Messages From Past Week ========
.
10/25/2011 9:32:44 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Dell Printer Status Database service to connect.
10/24/2011 3:55:36 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
10/24/2011 12:32:25 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
10/24/2011 12:32:25 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
10/24/2011 12:32:25 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/24/2011 12:32:25 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/24/2011 12:32:25 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
10/24/2011 12:29:08 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Bomgar Jump Client [1318888235-1318902157] service to connect.
10/24/2011 12:29:08 PM, error: Service Control Manager [7000]  - The Bomgar Jump Client [1318888235-1318902157] service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/24/2011 12:28:07 PM, error: Service Control Manager [7031]  - The Bomgar Jump Client [1318888235-1318902157] service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 12:05:45 PM, error: Service Control Manager [7031]  - The Bomgar Jump Client [1318888235-1318902157] service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 11:11:01 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sptd
10/24/2011 11:10:52 AM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
10/24/2011 11:10:52 AM, error: Service Control Manager [7000]  - The Bomgar Jump Client [1266772894-1291233131] service failed to start due to the following error:  The system cannot find the file specified.
10/24/2011 11:10:51 AM, error: Service Control Manager [7000]  - The a-squared Free Service service failed to start due to the following error:  The system cannot find the file specified.
10/21/2011 2:39:50 AM, error: Kerberos [4]  - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server dp-dsanculi2$.  This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (FNB_DOMAIN.LOCAL), and the client realm.   Please contact your system administrator.
10/20/2011 11:45:39 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi sptd
10/19/2011 2:42:33 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2011 12:02:29 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm KLIF sptd
10/19/2011 12:00:54 PM, error: NETLOGON [5776]  - Failed to create/open file \system32\config\netlogon.ftl with the following error:  Access is denied.
10/19/2011 1:57:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
Title: Re: Malware Infection
Post by: Dr Jay on October 26, 2011, 07:19:40 AM
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
Title: Re: Malware Infection
Post by: bud51360 on November 08, 2011, 12:01:35 PM
I have been out of the office for a while now but will run ComboFix today and post logs.  Since my last posting my antivirus program (LANDesk) has reported the following two infected files:

1.  A0063632.exe infected with Trojan.Win32.Jorik.Fraud.gox in C:\System Volume Information\_restore{4F04266C-32D0-417F-B7C0-33D3A850294A}\RP553\
2.  A0063633.exe infected with Trojan.Win32.Jorik.Fraud.hhy in C:\System Volume Information\_restore{4F04266C-32D0-417F-B7C0-33D3A850294A}\RP553\

These files have been quarantined, but I thought I should mention this.

Bud
Title: Re: Malware Infection
Post by: bud51360 on November 09, 2011, 07:14:09 AM
ComboFix Log:

ComboFix 11-11-08.02 - BFRERICHS 11/08/2011  16:03:45.5.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2441 [GMT -6:00]
Running from: C:\Documents and Settings\bfrerichs\Desktop\ComboFix.exe
AV: LANDesk Endpoint Security *Disabled/Updated* {15D8B765-BF1A-42AB-8FB8-686D00C9E220}
AV: LANDesk Endpoint Security *Disabled/Updated* {AD893661-E3D8-4B02-95C3-A007AD05476D}
AV: LANDesk Endpoint Security *Disabled/Updated* {C1454AA1-FD36-4367-B447-D0927DEA4578}
AV: LANDesk Endpoint Security *Disabled/Updated* {E3018ECE-EF1A-479C-A854-69389D6B349D}
AV: LANDesk Endpoint Security *Disabled/Updated* {E39A6D8E-E54E-443A-B734-81E7AA75AA22}
AV: LANDesk Endpoint Security *Disabled/Updated* {E9565059-DFF2-4E53-9D76-CA52827AB344}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\BFRERI~1\LOCALS~1\Temp\IadHide5.dll
C:\Documents and Settings\bfrerichs\Local Settings\temp\IadHide5.dll

---- Previous Run -------

C:\DOCUME~1\BFRERI~1\LOCALS~1\Temp\IadHide5.dll
C:\Documents and Settings\bfrerichs\Local Settings\temp\IadHide5.dll


(((((((((((((((((((((((((   Files Created from 2011-10-08 to 2011-11-08  )))))))))))))))))))))))))))))))


2011-10-25 19:33:30 . 2011-10-25 19:33:30   --------   d-----w-   C:\Program Files\Common Files\Java
2011-10-25 18:36:19 . 2011-10-25 18:36:19   --------   d-----w-   C:\Documents and Settings\bfrerichs\Application Data\SUPERAntiSpyware.com
2011-10-25 18:35:23 . 2011-10-25 18:36:11   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2011-10-25 18:35:23 . 2011-10-25 18:35:23   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-24 21:54:52 . 2011-10-24 21:54:52   23624   ----a-w-   C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-10-24 21:54:26 . 2011-10-24 21:54:27   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Hitman Pro
2011-10-24 16:06:45 . 2011-10-25 13:04:25   --------   d-----w-   C:\TDSSKiller_Quarantine
2011-10-17 21:50:35 . 2011-11-08 22:40:30   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E9CA32B
2011-10-17 19:59:17 . 2011-10-17 19:59:18   --------   d-----w-   C:\Documents and Settings\bfrerichs\Local Settings\Application Data\Ilium_Software,_Inc
2011-10-10 20:26:58 . 2011-10-10 20:26:58   --------   d-----w-   C:\Program Files\LizardLabs
2011-10-10 20:26:24 . 2011-10-10 20:26:27   --------   d-----w-   C:\Program Files\Log Parser 2.2
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-20 16:46:51 . 2011-05-26 13:23:54   414368   ----a-w-   C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 . 2010-05-17 16:40:18   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
2011-10-03 07:37:52 . 2010-05-17 16:40:18   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
2011-09-26 16:41:20 . 2008-07-30 00:59:58   611328   ----a-w-   C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 16:41:20 . 2004-08-04 05:00:00   220160   ----a-w-   C:\WINDOWS\system32\oleacc.dll
2011-09-26 16:41:14 . 2004-08-04 05:00:00   20480   ----a-w-   C:\WINDOWS\system32\oleaccrc.dll
2011-09-09 09:12:13 . 2004-08-04 05:00:00   599040   ----a-w-   C:\WINDOWS\system32\crypt32.dll
2011-09-06 13:20:51 . 2004-08-04 05:00:00   1858944   ----a-w-   C:\WINDOWS\system32\win32k.sys
2011-08-31 22:00:50 . 2010-02-19 14:32:24   22216   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 23:48:55 . 2006-03-03 22:33:46   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
2011-08-22 23:48:54 . 2004-08-04 05:00:00   43520   ----a-w-   C:\WINDOWS\system32\licmgr10.dll
2011-08-22 23:48:54 . 2004-08-04 05:00:00   1469440   ------w-   C:\WINDOWS\system32\inetcpl.cpl
2011-08-22 11:56:39 . 2004-08-04 05:00:00   385024   ----a-w-   C:\WINDOWS\system32\html.iec
2011-08-17 13:49:54 . 2004-08-04 05:00:00   138496   ----a-w-   C:\WINDOWS\system32\drivers\afd.sys
2010-09-30 20:37:48 . 2010-09-30 20:37:49   101768   ----a-w-   C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
2011-10-13 17:41:42 . 2011-05-27 14:24:27   134104   ----a-w-   C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2008-04-14 00:12:51 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2008-04-14 00:12:01 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ERDNT\cache\msvcrt.dll
[7] 2008-04-14 00:12:01 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 00:12:01 . 4536290D501FB1FDC0D18C8B95DDBA6E . 343040 . . [7.0.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\msvcrt.dll
[7] 2004-08-04 05:00:00 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 05:00:00 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 05:00:00 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll


(((((((((((((((((((((((((((((   SnapShot_2011-10-19_18.32.18   )))))))))))))))))))))))))))))))))))))))))

+ 2011-11-08 22:37:50 . 2011-11-08 22:37:50   16384              C:\WINDOWS\temp\Perflib_Perfdata_1a4.dat
+ 2004-08-04 05:00:00 . 2011-11-08 20:31:38   72370              C:\WINDOWS\system32\perfc009.dat
+ 2011-11-08 22:38:00 . 2011-11-08 22:38:00   16384              C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_9fc.dat
+ 2009-07-09 13:50:18 . 2011-11-08 22:36:43   1660              C:\WINDOWS\bthservsdp.dat
- 2009-07-09 13:50:18 . 2011-10-19 16:59:44   1660              C:\WINDOWS\bthservsdp.dat
+ 2004-08-04 05:00:00 . 2011-11-08 20:31:38   444494              C:\WINDOWS\system32\perfh009.dat
+ 2011-10-20 16:46:50 . 2011-10-20 16:46:50   247968              C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
+ 2011-10-20 16:46:50 . 2011-10-20 16:46:51   335520              C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.dll
+ 2011-10-25 19:33:02 . 2011-10-03 10:06:16   157472              C:\WINDOWS\system32\javaws.exe
- 2011-06-24 18:08:20 . 2011-05-04 09:52:34   157472              C:\WINDOWS\system32\javaws.exe
+ 2011-10-25 19:33:02 . 2011-10-03 10:06:15   145184              C:\WINDOWS\system32\javaw.exe
- 2011-06-24 18:08:20 . 2011-05-04 09:52:33   145184              C:\WINDOWS\system32\javaw.exe
+ 2011-10-25 19:33:02 . 2011-10-03 10:06:14   145184              C:\WINDOWS\system32\java.exe
- 2011-06-24 18:08:20 . 2011-05-04 09:52:32   145184              C:\WINDOWS\system32\java.exe
+ 2011-10-25 19:33:30 . 2011-10-25 19:33:30   203776              C:\WINDOWS\Installer\e1996.msi

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 00:10:56 1688872]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-07-08 15:41:19 32768]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 12:21:10 247728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 15:19:51 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-04 16:39:00 8466432]
"CTHelper"="CTHELPER.EXE" [2008-01-14 17:44:16 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-02-19 13:57:58 24576]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 19:06:08 128296]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 08:08:13 483328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 19:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 19:21:24 2213160]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 00:12:26 143360]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 05:00:30 126976]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 00:12:41 110592]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-20 15:19:49 122368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 09:12:38 76304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-02-16 00:50:12 417792]
"Dell PanelMgr"="C:\WINDOWS\Dell\PanelMgr\SSMMgr.exe" [2009-05-29 05:34:11 541936]
"2145cn Scan2PC"="C:\WINDOWS\twain_32\Dell\DELL2145\Scan2Pc.exe" [2008-12-16 19:15:46 503808]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 18:06:06 254696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Program Files\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14   551296   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42:30   72208   ----a-w-   c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentAgent.exe"=
"C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"=
"C:\\WINDOWS\\twain_32\\Dell\\DELL2145\\Sscan2io.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27:02 AM 12880]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55:22 PM 67664]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38:07 PM 116608]
R2 bomgar-ps-1318888235-1318902157;Bomgar Jump Client [1318888235-1318902157];C:\Documents and Settings\All Users\Application Data\bomgar-scc-4E9CA32B\bomgar-scc.exe [10/17/2011 3:50:35 PM 919488]
R2 CBA8;LANDesk(R) Management Agent;C:\Program Files\LANDesk\Shared Files\residentAgent.exe [10/15/2010 7:41:22 AM 147456]
R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [6/23/2009 8:55:49 AM 135168]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 6:21:10 AM 92592]
S0 sptd;sptd;C:\WINDOWS\system32\Drivers\sptd.sys --> C:\WINDOWS\system32\Drivers\sptd.sys [?]
S2 a2free;a-squared Free Service;"C:\Program Files\a-squared Free\a2service.exe" --> C:\Program Files\a-squared Free\a2service.exe [?]
S2 bomgar-ps-1266772894-1291233131;Bomgar Jump Client [1266772894-1291233131];"C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4B816B9E\bomgar-scc.exe" -pinned elevated --> C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4B816B9E\bomgar-scc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [1/29/2010 9:23:19 AM 135664]
S2 SSPORT;SSPORT;\??\C:\WINDOWS\system32\Drivers\SSPORT.sys --> C:\WINDOWS\system32\Drivers\SSPORT.sys [?]
S3 CT20XUT;CT20XUT;C:\WINDOWS\system32\drivers\CT20XUT.sys [2/19/2009 9:42:26 AM 198168]
S3 Ctedcdwbn_3.;Ctedcdwbn_3.;
S3 CTEXFIFX;CTEXFIFX;C:\WINDOWS\system32\drivers\CTEXFIFX.sys [2/19/2009 9:43:50 AM 1353240]
S3 CTHWIUT;CTHWIUT;C:\WINDOWS\system32\drivers\CTHWIUT.sys [2/19/2009 9:43:10 AM 73752]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [1/29/2010 9:23:19 AM 135664]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\WINDOWS\system32\drivers\ha20x22k.sys [2/19/2009 9:54:48 AM 1222680]

Contents of the 'Scheduled Tasks' folder

2011-11-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 15:23:19 . 2010-01-29 15:23:17]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 15:23:19 . 2010-01-29 15:23:17]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229732116-1318610321-1845911597-1061Core.job
- C:\Documents and Settings\bfrerichs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-17 20:38:36 . 2009-06-17 20:38:36]

2011-11-08 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229732116-1318610321-1845911597-1061UA.job
- C:\Documents and Settings\bfrerichs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-17 20:38:36 . 2009-06-17 20:38:36]


------- Supplementary Scan -------

uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 10.0.0.8:80
uInternet Settings,ProxyOverride = 10.0.0.26;10.0.0.25;10.0.0.27;192.168.7.21;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
Trusted Zone: cr-exchdc2
Trusted Zone: localhost
Trusted Zone: sv-mimosa-np
TCP: Interfaces\{0428620C-D4DB-48AD-9333-97872633B53B}: NameServer = 192.168.110.13,10.0.0.8
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://sv-blackberry:664/webconsole/RIMWebComponents.cab
FF - ProfilePath - C:\Documents and Settings\bfrerichs\Application Data\Mozilla\Firefox\Profiles\7ybplh7b.default\
FF - prefs.js: browser.startup.homepage - msn.com
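The ComboFix log above lists the autorun points, the services, the firewall policy and the proxy/DNS settings of the machine. As an added example, not part of this thread and not ComboFix's own code, the Python script below parses those sections and flags what a responder reads first on a box with browser redirects and a process that restarts itself: a run value tagged [X] (the conventional reading is that the scanner did not find the target file), a service tagged [?] (the scanner could not verify the image), binaries launched from a user-writable directory, inbound ports opened in the firewall policy, and a proxy or DNS server that differs from what the site expects. The sample log inside the script is constructed; its names and paths are invented and are not the poster's entries, and the "expected" proxy and DNS values are assumptions the site administrator has to confirm.

```python
"""Triage of a ComboFix-style log (added example for this thread; not ComboFix
code, not a Computer Hope tool, not something the poster ran).

It reads the sections shown in the log above (Reg Loading Points, the R*/S*
service lines, the firewall policy lists, the supplementary network settings)
and flags what a responder reads first on a machine with browser redirects and
a respawning process.  SAMPLE_LOG is constructed; its names and paths are
invented, not the poster's entries.
"""
import re
from collections import namedtuple

# severity "review": needs a human look; "info": context only
Finding = namedtuple("Finding", "severity kind detail")

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?P<tag>\[[^\]]*\])?\s*$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)")
DNS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
TAIL_TAG_RE = re.compile(r"\s*\[[^\[\]]*\]\s*$")  # "[date size]", "[?]" or "[X]"
# Heuristic: directory trees an ordinary XP user can write to.
WRITABLE_DIRS = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")
KNOWN_PORTS = {3389: "Remote Desktop", 445: "SMB", 135: "RPC endpoint mapper"}


def _writable(path):
    return any(d in path.lower() for d in WRITABLE_DIRS)


def parse_log(text):
    """Pull autoruns, services, open ports, proxy and DNS servers out of the log."""
    out = {"run": [], "services": [], "ports": [], "proxy": None, "dns": []}
    section = ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:  # blank lines separate ComboFix sections
            section = ""
            continue
        if m := HEADER_RE.match(line):
            section = m.group("key").lower()
        elif section.endswith("\\run") and (m := VALUE_RE.match(line)):
            out["run"].append((section, m.group("name"), m.group("cmd"), m.group("tag") or ""))
        elif section.endswith("globallyopenports\\list") and (m := PORT_RE.match(line)):
            out["ports"].append((int(m.group("port")), m.group("proto")))
        elif m := SERVICE_RE.match(line):
            rest, tag = m.group("rest"), ""
            if t := TAIL_TAG_RE.search(rest):
                rest, tag = rest[:t.start()], t.group(0).strip()
            path = rest.split("-->")[-1].strip().strip('"')  # "-->" precedes the resolved path
            out["services"].append((m.group("start"), m.group("name"), path, tag))
        elif m := PROXY_RE.match(line):
            out["proxy"] = m.group("proxy")
        elif m := DNS_RE.search(line):
            out["dns"].extend(s for s in m.group("servers").split(",") if s)
    return out


def triage(text, expected_proxies=(), expected_dns=()):
    """Return findings, "review" items first."""
    p, found = parse_log(text), []
    for key, name, cmd, tag in p["run"]:
        where = f"{key}\\{name} = {cmd}"
        if tag == "[X]":  # scanner could not find the target file
            found.append(Finding("review", "autorun-missing-target", where))
        elif "\\" not in cmd:  # bare name: resolved through the search path
            found.append(Finding("info", "autorun-bare-name", where + " (confirm which copy runs)"))
        if _writable(cmd):
            found.append(Finding("review", "autorun-writable-dir", where))
    for start, name, path, tag in p["services"]:
        where = f"{start} {name}: {path or '(no image path)'}"
        if tag == "[?]":  # scanner could not verify the image
            found.append(Finding("review", "service-unverified", where))
        if _writable(path):
            found.append(Finding("review", "service-writable-dir", where))
    for port, proto in p["ports"]:
        label = KNOWN_PORTS.get(port, "unknown service")
        found.append(Finding("info", "open-port", f"{port}/{proto} allowed inbound ({label})"))
    if p["proxy"] and not expected_proxies:
        found.append(Finding("info", "proxy-set", p["proxy"]))
    elif p["proxy"] and p["proxy"] not in expected_proxies:
        found.append(Finding("review", "proxy-unexpected", p["proxy"]))
    for server in p["dns"]:
        if not expected_dns:
            found.append(Finding("info", "dns-server", server))
        elif server not in expected_dns:
            found.append(Finding("review", "dns-unexpected", server))
    return sorted(found, key=lambda x: x.severity != "review")


# Constructed sample in ComboFix's layout; every name and path is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\Program Files\Vendor\Tray.exe" [2009-01-02 10:00:00 32768]
"Updater"="C:\Documents and Settings\user\Local Settings\Temp\upd.exe" [2011-10-25 19:30:00 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OldHelper"="OLDHELP.EXE -silent" [X]
"AudioHelper"="AUDHELP.EXE" [2008-01-14 17:44:16 19456]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 DataSvc;Data Service;C:\Documents and Settings\All Users\Application Data\data-1234\agent.exe [10/17/2011 3:50:35 PM 919488]
S0 oddfs;oddfs;C:\WINDOWS\system32\Drivers\oddfs.sys --> C:\WINDOWS\system32\Drivers\oddfs.sys [?]

uInternet Settings,ProxyServer = 10.0.0.8:80
TCP: Interfaces\{0428620C-0000-0000-0000-000000000000}: NameServer = 192.168.110.13,10.0.0.8
"""

if __name__ == "__main__":
    for fd in triage(SAMPLE_LOG, expected_proxies={"10.0.0.8:80"}, expected_dns={"192.168.110.13", "10.0.0.8"}):
        print(f"[{fd.severity}] {fd.kind}: {fd.detail}")
```

On a real log, pass the whole file to triage() together with the proxy and DNS servers the site administrator actually expects; on a business machine a proxy such as the 10.0.0.8:80 in the log above may well be legitimate, which is exactly why the expected values are a parameter and not a rule. Anything returned as "review" should be checked against the vendor and the file on disk before it is removed.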
Title: Re: Malware Infection
Post by: Dr Jay on November 10, 2011, 06:32:54 AM
Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html).
Alternate link: BleepingComputer.com (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Title: Re: Malware Infection
Post by: bud51360 on November 17, 2011, 08:23:53 AM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2011 9:22:52 AM
mbam-log-2011-11-17 (09-22-52).txt

Scan type: Quick scan
Objects scanned: 190035
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\bfrerichs\local settings\temp\wpbt0.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\bfrerichs\local settings\temporary internet files\Content.IE5\74HIFP70\readme[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Title: Re: Malware Infection
Post by: Dr Jay on November 18, 2011, 06:31:41 AM
Computer appears to be clean...
Title: Re: Malware Infection
Post by: bud51360 on November 18, 2011, 07:46:52 AM
My computer is not clean.   :(

I still have iexplore.exe running in my processes by itself.  I end the process and it comes back all by itself.

The Google redirect is still happening using Firefox, Internet Explorer and Chrome.  Firefox is my primary internet browser.  It crashes after about two minutes of use as does Internet Explorer when I try to use it.  Chrome in "incognito" mode is the only stable browser but the Google redirect is in effect on that browser as well.

I still get random audio files playing.
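The post above describes an iexplore.exe with no window that returns after it is killed. The check a responder makes first is which process launches it, because the respawning copy is only the symptom and the launcher is what has to be found. As an added example, not a tool from this thread, the Python script below takes a process list with parent PIDs and command lines, as Windows XP's "wmic process get Name,ProcessId,ParentProcessId,CommandLine /format:csv" produces, and says for each iexplore.exe who started it. The CSV inside the script is constructed to resemble that output; every PID, name and path in it is invented, and the column order it assumes is the one in its own header line.

```python
"""Who starts the iexplore.exe that keeps coming back?  (Added example for
this thread, not a tool from the original post.)

On Windows XP the raw data can be collected with
    wmic process get Name,ProcessId,ParentProcessId,CommandLine /format:csv
SAMPLE_WMIC_CSV is constructed to resemble that output; every PID, name and
path is invented.  Rows are split from the right, so a command line that
contains commas or quotes survives.
"""
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid name cmd")
EXPECTED_HEADER = "Node,CommandLine,Name,ParentProcessId,ProcessId"  # assumed column order
WRITABLE_DIRS = ("\\documents and settings\\", "\\temp\\")  # heuristic, XP layout

# Constructed sample: one user-launched IE, two launched by an unknown
# program living under All Users\Application Data, one whose parent is gone.
SAMPLE_WMIC_CSV = """\
Node,CommandLine,Name,ParentProcessId,ProcessId
WS01,C:\\WINDOWS\\system32\\services.exe,services.exe,640,700
WS01,C:\\WINDOWS\\Explorer.EXE,explorer.exe,1012,1580
WS01,"C:\\Program Files\\Internet Explorer\\iexplore.exe",iexplore.exe,1580,2200
WS01,"C:\\Documents and Settings\\All Users\\Application Data\\dx-1f3a\\host.exe",host.exe,700,3040
WS01,"C:\\Program Files\\Internet Explorer\\iexplore.exe",iexplore.exe,3040,3308
WS01,"C:\\Program Files\\Internet Explorer\\iexplore.exe",iexplore.exe,3040,3360
WS01,"C:\\Program Files\\Internet Explorer\\iexplore.exe",iexplore.exe,9999,3412
"""


def parse_wmic_csv(text):
    """Map pid -> Proc.  Refuses input whose header is not the assumed order."""
    lines = [l for l in text.splitlines() if l.strip()]
    if lines[0] != EXPECTED_HEADER:
        raise ValueError("unexpected column order: " + lines[0])
    procs = {}
    for line in lines[1:]:
        _node, rest = line.split(",", 1)
        cmd, name, ppid, pid = rest.rsplit(",", 3)
        procs[int(pid)] = Proc(int(pid), int(ppid), name.lower(), cmd.strip('"'))
    return procs


def explain_parents(procs, target="iexplore.exe"):
    """For every `target` process return (pid, ppid, parent name, verdict)."""
    rows = []
    for p in sorted(procs.values(), key=lambda x: x.pid):
        if p.name != target:
            continue
        parent = procs.get(p.ppid)
        if parent is None:
            verdict = "review: parent already exited (launcher may be short-lived)"
        elif parent.name == "explorer.exe":
            verdict = "ok: started from the desktop shell"
        elif parent.name == target:
            verdict = "ok: child of another " + target
        elif any(d in parent.cmd.lower() for d in WRITABLE_DIRS):
            verdict = f"review: started by {parent.name} running from a user-writable directory"
        else:
            verdict = f"review: started by {parent.name}, not by the user's shell"
        rows.append((p.pid, p.ppid, parent.name if parent else None, verdict))
    return rows


def launchers(rows):
    """Parent PIDs that account for the 'review' rows, with how many each started."""
    counts = {}
    for _pid, ppid, _pname, verdict in rows:
        if verdict.startswith("review"):
            counts[ppid] = counts.get(ppid, 0) + 1
    return counts


if __name__ == "__main__":
    table = parse_wmic_csv(SAMPLE_WMIC_CSV)
    for pid, ppid, pname, verdict in explain_parents(table):
        print(f"pid {pid} parent {ppid} ({pname}): {verdict}")
    print("launchers to examine:", launchers(explain_parents(table)))
```

When the parent has already exited, as in the last sample row, the launcher is short-lived and has to be caught at the moment of the restart (a scheduled task, a service, or another process waiting for the kill); a process list taken once will not show it, so take two or three snapshots a few seconds apart and diff the PIDs.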