PDA

View Full Version : Help removing Win32.Download.gen


tskilken
2013-04-08, 17:18
I have run spybot at least 5 times and it still shows up. I am running Windows 7 32bit. Your help is greatly appreciated. Here is the DDS and aswMBR text files. Attach.zip is attached.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by tskilken at 10:10:49 on 2013-04-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1584 [GMT -4:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\FTR\ForTheRecord\NMSAccess32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Roozz\Updater.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\FTR\ForTheRecord\FTR.TREdge.DeviceDetector.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Users\tskilken\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WORLDOX\WBGX.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Siber Systems\AI RoboForm\Identities.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://companyweb
uProxyOverride = 192.168.*.*;*.local
uURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} -
mURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1077\TmIEPlg.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke New Toolbar: {739DF940-C5EE-4BAB-9D7E-270894AE687A} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PracticeMaster: {4E4D87BA-2985-409B-8D81-1F4B0F990902} - c:\program files\tabs3\pmlinkie.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SearchProtect] c:\users\tskilken\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [DeviceDetector] c:\program files\ftr\fortherecord\FTR.TREdge.DeviceDetector.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [Bomgar_Cleanup_ZD2669115724] cmd.exe /C rd /S /Q "c:\programdata\bomgar-scc-4f552331" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD2669115724 /f
StartupFolder: c:\users\tskilken\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoho~1.lnk - c:\program files\autohotkey\AutoHotkey.exe
StartupFolder: c:\users\tskilken\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tskilken\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\altiview.lnk - c:\program files\altigen\altiview\AltiView.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\worldo~1.lnk - c:\worldox\WDMIRROR.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: RunStartupScriptSync = dword:1
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {4E4D87BA-2985-409B-8D81-1F4B0F990902}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - file://serv1/EonServ1/Program%20Files/Trend%20Micro/Security%20Server/PCCSRV/Web_console/ClientInstall/WinNTChk.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://serv1.tslaw.local:4343/officescan/console/ClientInstall/setup.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.4.cab
DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} - hxxp://www.tabs3.com/video/cmrp1/demox.cab
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://securemail.ccf.org/messenger/download/TWDownload.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://skilken-server:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://skilken-server:4343/SMB/console/html/root/AtxConsole.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rwlynch.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.3
TCP: Interfaces\{FF0B678F-BD71-454D-A840-C30F5DECF4F6} : NameServer = 192.168.0.3
TCP: Interfaces\{FF0B678F-BD71-454D-A840-C30F5DECF4F6} : DHCPNameServer = 192.168.0.3
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1077\TmIEPlg.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\client server security agent\uiframework\ProToolbarIMRatingActiveX.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\223\g2ax_winlogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tskilken\appdata\roaming\mozilla\firefox\profiles\4xzrw5a2.default\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\roozz\nproozz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tskilken\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-03-12 15:44; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\siber systems\ai roboform\Firefox
FF - ExtSQL: 2013-03-31 12:32; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\trend micro\amsp\module\20004\1.6.1106\6.6.1077\firefoxextension
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-7-9 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-4-7 196320]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2012-6-20 32368]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]
R2 monblanking;monblanking;c:\windows\system32\drivers\monblanking.sys [2013-3-31 28416]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 Roozz Updater;Roozz Updater;c:\program files\roozz\Updater.exe [2013-2-12 423936]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-4-7 65296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-6-6 211984]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2009-7-23 82944]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [2008-12-19 115200]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\223\g2ax_service.exe [2010-3-15 161144]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-13 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-13 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-9 1343400]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-02 14:13:32 -------- d-----w- c:\users\tskilken\appdata\local\Macromedia
2013-04-01 17:51:51 -------- d-----w- c:\users\tskilken\appdata\roaming\SearchProtect
2013-03-31 16:21:55 53080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
2013-03-31 16:21:53 -------- d-----w- c:\programdata\CitrixLogs
2013-03-31 16:21:52 126296 ----a-w- c:\windows\system32\gotomon.dll
2013-03-31 16:21:46 28416 ----a-w- c:\windows\system32\drivers\monblanking.sys
2013-03-29 14:29:20 -------- d-----w- c:\program files\Anatronica
2013-03-29 14:08:12 -------- d-----w- c:\program files\Anatronica Free
2013-03-29 14:05:50 -------- d-----w- c:\users\tskilken\appdata\roaming\Unity
2013-03-29 14:01:47 -------- d-----w- c:\users\tskilken\appdata\local\Unity
2013-03-26 20:35:18 -------- d-----w- c:\program files\Microsoft Lync
2013-03-26 20:34:54 -------- d-----w- c:\program files\OCSetup
2013-03-23 23:08:07 -------- d-----w- c:\program files\SearchProtect
2013-03-23 23:07:57 -------- d-----w- c:\users\tskilken\appdata\local\CRE
2013-03-22 18:47:35 -------- d-----w- c:\program files\MSECache
2013-03-13 07:01:48 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-04-02 14:13:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 14:13:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-07 15:27:48 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-07 15:27:46 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 15:27:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 10:38:36 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-06 10:38:36 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:11:59.81 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 09:58:11
-----------------------------
09:58:11.432 OS Version: Windows 6.1.7601 Service Pack 1
09:58:11.432 Number of processors: 2 586 0x170A
09:58:11.434 ComputerName: TOM-PC UserName:
09:58:16.055 Initialize success
10:00:11.765 AVAST engine defs: 13040801
10:00:38.063 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:00:38.066 Disk 0 Vendor: ST316031 CC45 Size: 152587MB BusType: 3
10:00:38.071 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:00:38.074 Disk 1 Vendor: ST316031 CC45 Size: 152587MB BusType: 3
10:00:38.256 Disk 0 MBR read successfully
10:00:38.260 Disk 0 MBR scan
10:00:38.287 Disk 0 Windows VISTA default MBR code
10:00:38.291 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:00:38.319 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
10:00:38.344 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137546 MB offset 30801920
10:00:38.357 Disk 0 scanning sectors +312497952
10:00:38.541 Disk 0 scanning C:\Windows\system32\drivers
10:00:52.247 Service scanning
10:01:41.412 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:02:01.639 Modules scanning
10:02:41.313 Disk 0 trace - called modules:
10:02:41.334 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spvy.sys halmacpi.dll
10:02:41.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87268030]
10:02:41.350 3 CLASSPNP.SYS[8bf9c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866a6028]
10:02:44.436 AVAST engine scan C:\Windows
10:02:47.017 AVAST engine scan C:\Windows\system32
10:07:07.547 AVAST engine scan C:\Windows\system32\drivers
10:07:27.651 AVAST engine scan C:\Users\tskilken
10:08:12.816 Disk 0 MBR has been saved successfully to "C:\Users\tskilken\Downloads\Software\Spybot\MBR.dat"
10:08:12.824 The log file has been saved successfully to "C:\Users\tskilken\Downloads\Software\Spybot\aswMBR.txt"
ken545
2013-04-18, 11:06
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR



Let me ask you, is this a company computer ?
tskilken
2013-04-18, 17:49
By "company computer", I'm not sure I understand the question. It is my desktop and I own it. It is connected to Windows SBS 2008 network in which I share ownership.
ken545
2013-04-18, 19:14
Hi,

Can you read this please and clarify your situation

http://forums.spybot.info/showpost.php?p=25712&postcount=5
tskilken
2013-04-19, 21:05
To clarify, I am in a small officewith just 3 lawyers. We do not have an IT staff or corporate group policies to contend with. I manage most of the IT issues with occasional help from an outside consultant when necessary.

I value spybot and will purchase a Corporate edition. I am not clear about the support options available. I hope this answers your quetions. I value spybot and will purchase a Corporate edition regardless of the outcome of this issue. Any further direction will be appreciated.
ken545
2013-04-19, 23:26
Hi,

Thanks so much for your patience and understanding but I am afraid we cant help you on the forum, some of the scans we run and fixes we do can sometimes pick up sensitive company info and possibly change network settings that we don't want to be responsible for. People from all over the world can read these forums and it could lead to sensitive info being exposed . I would suggest you contact the outside consultant that you mentioned.

Ken :)