Inactive Is A Virus Blocking My Internet?

timbo412

Hello,

Two days ago, after storms and a power outage, I restarted my work computer. Since that time, no web browsers (IE, Firefox, Chrome) will make a connection. I cannot update any software programs. I also cannot use our membership database program, which runs via TCP/IP. I can ping internal and external IPs with no problem, and I can access everything on our network. I can even use LogMeIn from home to access my work computer. Our offsite tech person said it might be a virus.

I followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions, and logs are included. One exception is MBAM. I saved the log file, but it would not complete deleting the two infected entries it found. The program hung, and I had to quit and start it over. It keeps finding the same two entries.

Thanks for any help you can give!

Tim

--------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4049

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/14/2011 1:33:23 PM
mbam-log-2011-04-14 (13-33-23).txt

Scan type: Quick scan
Objects scanned: 216915
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-14 13:07:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 ST3160815AS rev.3.ADA
Running: gmer.exe; Driver: C:\DOCUME~1\tdavis\LOCALS~1\Temp\pxtdipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip 8A187218
Device \Driver\Tcpip \Device\Ip 8A278190
Device \Driver\Tcpip \Device\Ip 8A40C198
Device \Driver\Tcpip \Device\Tcp 8A187218
Device \Driver\Tcpip \Device\Tcp 8A278190
Device \Driver\Tcpip \Device\Tcp 8A40C198
Device \Driver\Tcpip \Device\Udp 8A187218
Device \Driver\Tcpip \Device\Udp 8A278190
Device \Driver\Tcpip \Device\Udp 8A40C198
Device \Driver\Tcpip \Device\RawIp 8A187218
Device \Driver\Tcpip \Device\RawIp 8A278190
Device \Driver\Tcpip \Device\RawIp 8A40C198

---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by tdavis at 13:11:51.09 on Thu 04/14/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1309 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\authServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\OpenBase\bin\openexec.exe
C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Client\commagent.exe
C:\Program Files\Webroot\Client\SpySweeperUI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
C:\OpenBase\bin\openinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
\\faclex2\users\tdavis\Desktop\virus\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Google Update] "c:\documents and settings\tdavis\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [Synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [WebrootClientUI] "c:\program files\webroot\client\SpySweeperUI.EXE" /StartInTray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KASHMSSLNK22553580818899] "c:\program files\kaseya\msslnk22553580818899\KaUsrTsk.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: CESpy.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209155705967
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://192.168.1.113/program/SonySncRz25View.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://managed.missinglinklex.com/inc/kaxRemote.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\tdavis\applic~1\mozilla\firefox\profiles\qv46ad0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tdavis\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\tdavis\application data\mozilla\firefox\profiles\qv46ad0s.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\tdavis\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-25 30136]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-3-21 246272]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\kaseya\msslnk22553580818899\AgentMon.exe [2011-4-13 737280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-6 47640]
R2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [2009-7-1 731853]
R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\acink corp\parent pager\PPUM.2323.exe [2010-5-5 446464]
R2 WebrootCommAgentService;Webroot CommAgent Service;c:\program files\webroot\client\CommAgent.exe [2009-8-25 715176]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2011-4-13 13824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\client\SPYSWEEPER.EXE [2009-8-25 4110352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-13 42112]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-13 18:26:38 -------- d-----w- C:\CCleaner
2011-04-13 18:26:33 855464 ----a-w- c:\temp\ccsetup208.exe
2011-04-13 18:10:37 -------- d-----w- c:\docume~1\tdavis\applic~1\Malwarebytes
2011-04-13 18:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 18:09:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
2011-04-13 18:08:38 -------- d-----w- C:\apps
2011-04-13 17:45:02 -------- d-----w- c:\program files\RealVNC
2011-04-13 17:14:39 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
2011-04-13 17:14:39 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
2011-04-13 17:14:37 -------- d-----w- c:\program files\Kaseya
2011-04-11 18:57:52 -------- d-----w- c:\program files\Emicsoft Studio
2011-03-21 13:08:03 246272 ----a-w- c:\windows\system32\authServer.exe
2011-03-16 20:58:38 -------- d-----w- c:\program files\OW2010
.
==================== Find3M ====================
.
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 19:38:38 241912 ----a-w- c:\windows\system32\nmNsp.dll
2011-01-20 19:38:14 193272 ----a-w- c:\windows\system32\CESpy.dll
.
============= FINISH: 13:12:01.87 ===============

----------------------------------------------------------------------------------------

Attach log file from DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/21/2008 2:55:34 PM
System Uptime: 4/14/2011 12:45:07 PM (1 hours ago)
.
Motherboard: Dell Inc | | 0TT708
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2605/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 87.919 GiB free.
D: is CDROM ()
E: is Removable
P: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
S: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Y: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
Z: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player
Advanced IP Scanner v1.5
Advanced Security for Outlook
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Audacity 1.2.6
Audacity 1.3.12
Avidemux 2.5
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CDM+ 9.0
Compatibility Pack for the 2007 Office system
Countdown Creator 2.0
Covenant Eyes
Dell ETS Factory Installation
DivX Setup
Dropbox
DVDStyler v1.7.4
EncFlac 1.1.2
Evernote
FinalBurner Free v2.2.0.132
FlipShare
Foxit PDF Editor
Foxit Reader
Google Calendar Sync
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Update Helper
Google Updater
Graph paper printer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
LAME v3.98.2 for Audacity
Lexmark Software Uninstall
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Media Player Codec Pack 3.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft OpenType Font File Properties Extension
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 6-9 Converter
Move Media Player
Mozilla Firefox (3.6.13)
Mpeg2Decoder 1.3
mpegable DS decoder
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
msxml4
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenLibraries
OW Professional Edition
Parent Pager
Plato DVD Ripper Professional 6.66.14
PowerDVD
PrimoPDF
Prism Video File Converter
QuickTime
RealPlayer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Segoe UI
Serif PagePlus 9.0
Skype™ 5.1
Sonic Activation Module
StuffIt Expander 2009
Super Video Converter 5.8
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Video Edit Magic 4.4
WAV MP3 Converter v4.2 build 1259
WebFldrs XP
Webroot® Client
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 3:02:02 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Generic Flash Disk USB Device.
4/7/2011 1:02:49 PM, error: Print [6161] - The document \\faclex2\users\tdavis\Desktop\Publication1.PDF owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 90825816. Number of bytes printed: 90825668. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/7/2011 1:00:29 PM, error: Print [6161] - The document Publication1 owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 29491200. Number of bytes printed: 26313752. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Broadcom ASF IP Monitor service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 1 time(s).
4/14/2011 12:44:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2011 1:57:33 PM, error: Service Control Manager [7034] - The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).
4/12/2011 3:53:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FACLEX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/11/2011 2:07:06 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:59 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/11/2011 2:06:54 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:06:33 PM, error: Service Control Manager [7034] - The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2011 2:02:03 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

I can't see any AV program running.
Why is that?

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.
 
Hi Broni,

We use WebRoot on our network. I turned it off completely when running the initial scans and saving the logs. Will follow your instructions and post.
 
Ran the scan. Initial "Results" window gave me this:

-------------------------------------------------------------------------------------

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Tim
Primary Dns Suffix . . . . . . . : faclex.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : faclex.local
                                    faclex.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : faclex.local
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1D-09-23-83-2F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.137
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.15
DNS Servers . . . . . . . . . . . : 192.168.1.15
Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM
Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM

------------------------------------------------------------------------------------------------

which I saved to a txt file. After saving and opening the file, it contained this:

--------------------------------------------------------------------------------------------------

MiniToolBox by Farbar
Ran by tdavis (administrator) at 2011-04-14 14:43:49
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================
================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/14/2011 02:10:05 PM) (Source: Google Update) (User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\3b52142b-0c35-4fe9-af23-e6884426a570.dmp

Error: (04/14/2011 02:10:02 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 01:35:13 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 01:05:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 01:04:53 PM) (Source: Application Error) (User: )
Description: Faulting application googlecalendarsync.exe, version 0.9.3.5, faulting module nmsvc.dll, version 0.0.0.0, fault address 0x000139df.
Processing media-specific event for [googlecalendarsync.exe!ws!]

Error: (04/14/2011 00:59:24 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 00:47:28 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 00:15:46 PM) (Source: Google Update) (User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\dabe5ace-75ac-4ad9-8055-0861adfab062.dmp

Error: (04/14/2011 11:32:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2011 11:15:47 AM) (Source: Google Update) (User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\ded5f7f2-f4ff-4efd-b2f4-51c75718a2eb.dmp


System errors:
=============
Error: (04/14/2011 01:23:13 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:05 PM) (Source: Service Control Manager) (User: )
Description: The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:05 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/14/2011 02:10:05 PM) (Source: Google Update)(User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\3b52142b-0c35-4fe9-af23-e6884426a570.dmp

Error: (04/14/2011 02:10:02 PM) (Source: Application Hang)(User: )
Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (04/14/2011 01:35:13 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

Error: (04/14/2011 01:05:50 PM) (Source: Application Hang)(User: )
Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (04/14/2011 01:04:53 PM) (Source: Application Error)(User: )
Description: googlecalendarsync.exe0.9.3.5nmsvc.dll0.0.0.0000139df

Error: (04/14/2011 00:59:24 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

Error: (04/14/2011 00:47:28 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

Error: (04/14/2011 00:15:46 PM) (Source: Google Update)(User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\dabe5ace-75ac-4ad9-8055-0861adfab062.dmp

Error: (04/14/2011 11:32:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (04/14/2011 11:15:47 AM) (Source: Google Update)(User: tdavis)tdavis
Description: Google Update has encountered a fatal error.
ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\ded5f7f2-f4ff-4efd-b2f4-51c75718a2eb.dmp


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 31%
Total physical RAM: 1981.85 MB
Available physical RAM: 1354.35 MB
Total Pagefile: 5920.95 MB
Available Pagefile: 5416.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.26 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:87.92 GB) NTFS
3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.51 GB) FAT
4 Drive p: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
5 Drive s: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
6 Drive y: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
7 Drive z: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS

================= Users: ==================================================
================= End of Users ============================================


I'm also noticing that, at times, Windows Explorer is responding very slowly, whether I'm opening a network or local folder/drive. Most of the time it's normal, but I thought I'd mention it.

Tim
 
Your network settings seem to be fine, so we'll keep checking for an infection.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Is it a problem that CF was unable to d/l the recovery console due to my internet access problem? It's continuing with the scan.
 
Okey dokey - here they are...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0304801c

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 SSHRMD.SYS
0xBA0C8000 SSFS0BBC.SYS
0xB9F3A000 SSIDRV.SYS
0xB9F0D000 \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
0xBA328000 \WINDOWS\SYSTEM32\Drivers\TDI.SYS
0xBA670000 pciide.sys
0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9EEE000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9EC8000 dmio.sys
0xBA338000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9EB0000 atapi.sys
0xB9E96000 nvata.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E76000 fltmgr.sys
0xBA118000 PxHelp20.sys
0xB9E5F000 KSecDD.sys
0xB9E4C000 WudfPf.sys
0xB9DBF000 Ntfs.sys
0xB9DA5000 Mup.sys
0xB897E000 \SystemRoot\system32\DRIVERS\processr.sys
0xB88D4000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB850C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB84F8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB84D4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB896E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB895E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB894E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB84B1000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA4B0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB8489000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB893E000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9D7D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8475000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA72A000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xBA72B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB892E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D79000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB845E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB891E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB890E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB844D000 \SystemRoot\system32\DRIVERS\psched.sys
0xB88FE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA348000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA358000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB841D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA360000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA368000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB83BF000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D61000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4F97000 \SystemRoot\system32\drivers\sthda.sys
0xB4F73000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xBA548000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6D1000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA380000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA388000 \SystemRoot\System32\drivers\vga.sys
0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA390000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA398000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4F40000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4EE7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4EBF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4E99000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA248000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA55C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB4E4F000 \SystemRoot\System32\drivers\afd.sys
0xBA258000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4E24000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4DB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA288000 \SystemRoot\System32\Drivers\usbaapl.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB941C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA584000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB4D39000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA588000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA590000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB4D1F000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xBA60C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB768B000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3D8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF45B000 \SystemRoot\System32\ATMFD.DLL
0xB3C4F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3A7B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB3BA7000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB3A4E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA3E0000 \SystemRoot\System32\drivers\aspi32.sys
0xBA5E2000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
0xB36FE000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA626000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB380E000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB2C91000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3556000 \SystemRoot\system32\drivers\sysaudio.sys
0xB240B000 \??\C:\WINDOWS\system32\drivers\KAPFA.SYS
0xBA3A0000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB22C2000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA400000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB14B2000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
564 C:\WINDOWS\system32\smss.exe
628 csrss.exe
652 C:\WINDOWS\system32\winlogon.exe
696 C:\WINDOWS\system32\services.exe
708 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1216 svchost.exe
1284 svchost.exe
1488 C:\WINDOWS\system32\spoolsv.exe
1604 svchost.exe
1664 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1712 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
1740 C:\WINDOWS\system32\authServer.exe
1760 C:\Program Files\Bonjour\mDNSResponder.exe
1796 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
216 C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
360 C:\Program Files\Google\Update\GoogleUpdate.exe
400 C:\Program Files\Java\jre6\bin\jqs.exe
448 C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
320 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
576 C:\Program Files\LogMeIn\x86\ramaint.exe
1048 C:\Program Files\LogMeIn\x86\LogMeIn.exe
2028 C:\WINDOWS\explorer.exe
244 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1036 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1208 C:\WINDOWS\system32\nvsvc32.exe
860 C:\OpenBase\bin\openexec.exe
616 C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
1936 C:\WINDOWS\system32\svchost.exe
2136 C:\WINDOWS\system32\UAService7.exe
2168 C:\Program Files\Webroot\Client\CommAgent.exe
2352 C:\WINDOWS\stsystra.exe
2368 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2440 C:\Program Files\Microsoft IntelliType Pro\itype.exe
2456 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
2508 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
2516 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2660 C:\Program Files\Webroot\Client\SpySweeperUI.exe
2760 C:\Program Files\iTunes\iTunesHelper.exe
2820 C:\OpenBase\bin\openinfo.exe
2836 C:\WINDOWS\system32\wuauclt.exe
2920 C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
3052 C:\WINDOWS\system32\ctfmon.exe
3136 wmiprvse.exe
3152 C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
3184 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
3316 wmiprvse.exe
3484 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3588 C:\Program Files\Webroot\Client\SPYSWEEPER.EXE
3832 unsecapp.exe
3264 alg.exe
776 C:\Program Files\iPod\bin\iPodService.exe
3612 wmiprvse.exe
2004 C:\WINDOWS\system32\svchost.exe
3444 \Device\LanmanRedirector\faclex2\users\tdavis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!




ComboFix 11-04-13.06 - tdavis 04/14/2011 16:25:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1363 [GMT -4:00]
Running from: \\faclex2\users\tdavis\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-13 18:26 . 2011-04-14 13:23 -------- d-----w- C:\CCleaner
2011-04-13 18:26 . 2011-04-13 18:26 855464 ----a-w- c:\temp\ccsetup208.exe
2011-04-13 18:10 . 2011-04-13 18:10 -------- d-----w- c:\documents and settings\tdavis\Application Data\Malwarebytes
2011-04-13 18:09 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 18:09 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2011-04-13 18:08 . 2011-04-13 18:08 -------- d-----w- C:\apps
2011-04-13 17:56 . 2011-04-13 17:56 -------- d-----w- c:\documents and settings\mlmsadmin\Local Settings\Application Data\Mozilla
2011-04-13 17:45 . 2011-04-13 17:45 -------- d-----w- c:\program files\RealVNC
2011-04-13 17:14 . 2010-02-25 20:17 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
2011-04-13 17:14 . 2010-02-25 20:17 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
2011-04-13 17:14 . 2011-04-13 17:14 -------- d-----w- c:\program files\Kaseya
2011-04-11 18:57 . 2011-04-11 18:57 -------- d-----w- c:\program files\Emicsoft Studio
2011-03-21 13:10 . 2011-03-21 13:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\CE
2011-03-21 13:08 . 2011-01-20 19:31 246272 ----a-w- c:\windows\system32\authServer.exe
2011-03-16 20:58 . 2011-03-16 20:58 -------- d-----w- c:\program files\OW2010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 21:36 . 2010-04-06 12:48 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2010-04-06 12:48 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40 . 2010-05-14 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2008-04-21 19:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 19:38 . 2008-06-16 15:12 241912 ----a-w- c:\windows\system32\nmNsp.dll
2011-01-20 19:38 . 2008-06-16 15:12 193272 ----a-w- c:\windows\system32\CESpy.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-03 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2007-12-02 282624]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.EXE" [2009-08-25 435624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"KASHMSSLNK22553580818899"="c:\program files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe" [2011-01-13 323584]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1112\Scripts\Logon\0\0]
"Script"=Q_map.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1112\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1113\Scripts\Logon\0\0]
"Script"=Q_map.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1113\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1114\Scripts\Logon\0\0]
"Script"=Q_map.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1114\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1115\Scripts\Logon\0\0]
"Script"=DriveMappings.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1115\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1116\Scripts\Logon\0\0]
"Script"=DriveMappings.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1116\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1149\Scripts\Logon\0\0]
"Script"=Logon2010.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1162\Scripts\Logon\0\0]
"Script"=Q_map.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1162\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1165\Scripts\Logon\0\0]
"Script"=Logon2010.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-500\Scripts\Logon\0\0]
"Script"=Logon2010.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAMSSLNK22553580818899]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 13:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 13:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-08 22:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [8/25/2009 9:50 AM 30136]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440]
R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\Kaseya\MSSLNK22553580818899\AgentMon.exe [4/13/2011 1:14 PM 737280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 10:11 AM 374152]
R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\Acink Corp\Parent Pager\PPUM.2323.exe [5/5/2010 11:23 AM 446464]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [4/13/2011 1:14 PM 13824]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [3/21/2011 9:08 AM 246272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2010 11:37 AM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [7/1/2009 2:01 PM 731853]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/13/2011 2:09 PM 38224]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/13/2008 3:33 PM 42112]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-12 07:10]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 05:17]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 05:17]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149Core.job
- c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 15:57]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149UA.job
- c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 15:57]
.
2011-04-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-11-03 15:25]
.
2011-04-14 c:\windows\Tasks\Windows Backup of MyDocs.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: CESpy.dll
TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
FF - ProfilePath - c:\documents and settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
Notify-NavLogon - (no file)
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\tdavis\Application Data\Macromedia\Flash Player\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 16:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\openexec]
"ImagePath"="c:\\OpenBase/bin/openexec.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\Software\SecuROM\License information*]
"datasecu"=hex:28,20,5c,ea,a8,eb,59,e0,dc,b8,96,d5,bb,f7,93,0d,ab,91,d3,28,91,
60,b2,21,59,b7,b1,25,db,65,75,b7,66,67,c1,44,57,f9,89,77,86,a8,7d,d7,71,20,\
"rkeysecu"=hex:7e,3b,e5,b8,79,7c,cb,46,4d,c4,ec,3e,99,85,fe,49
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\CESpy.dll
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\CESpy.dll
c:\windows\System32\nmNsp.dll
.
Completion time: 2011-04-14 16:31:58
ComboFix-quarantined-files.txt 2011-04-14 20:31
.
Pre-Run: 94,304,645,120 bytes free
Post-Run: 94,342,004,736 bytes free
.
- - End Of File - - E7913A850A85ACB81D54BCCB5C323151
 
I don't see much there.

Restart the computer in Safe Mode with Networking and see if you can connect there.
 
Yes - nine other machines on the network all functioning fine. I was using a co-worker's computer to download the programs you posted, then transfer them to my computer via flash drive. Even our wireless is working - I made some replies to you on my iPhone. Up until three days ago, my machine had been running fine, too - no glaring signs of something going wrong.
 
Try some basic steps...

Make sure your computer is set to obtain an IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time, disconnect the Ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass the router and connect the computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
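
Added example, not part of the original post: `netsh winsock reset catalog` returns the Winsock catalog to a clean state, so third-party layered service providers have to be reinstalled afterwards, and the ComboFix log above lists one (`LSP: CESpy.dll`). This sketch parses saved `netsh winsock show catalog` output and reports entries that are layered or point outside a baseline; the sample catalog, `examplelsp.dll`, its provider ID and the baseline DLL list are constructed assumptions.

```python
import ntpath
import sys

# Assumed baseline of provider DLLs for a stock Windows XP catalog.
# Adjust this set for the machine being examined.
DEFAULT_PROVIDER_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

# Constructed sample in the English layout of `netsh winsock show catalog`.
# examplelsp.dll and its provider ID are hypothetical.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1015
Version:                            2
Protocol Chain Length:              2
Protocol Chain: 1016 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Protocol Chain Length:              1

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider ID:                        {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Provider Path:                      %SystemRoot%\System32\mswsock.dll
Name Space:                         12
Active:                             1
Version:                            0
"""


def parse_catalog(text):
    """Split the listing into one dict per '... Provider Entry' block."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Provider Entry"):
            current = {"Section": line}
            entries.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only: values such as
            # 'C:\WINDOWS\...' and '1016 : 1001' contain colons too.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def non_default_providers(entries):
    """Return (entry id, dll, description, reasons) for entries to review."""
    flagged = []
    for entry in entries:
        dll = ntpath.basename(entry.get("Provider Path", "")).lower()
        reasons = []
        if entry.get("Entry Type", "").startswith("Layered"):
            reasons.append("layered entry")
        if dll not in DEFAULT_PROVIDER_DLLS:
            reasons.append("provider DLL outside baseline")
        if reasons:
            flagged.append((entry.get("Catalog Entry ID", "-"), dll,
                            entry.get("Description", ""), reasons))
    return flagged


if __name__ == "__main__":
    # Pass a file holding saved `netsh winsock show catalog` output,
    # or run with no argument to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_CATALOG
    for entry_id, dll, description, reasons in non_default_providers(parse_catalog(text)):
        print(f"{entry_id:>6}  {dll:<20} {description}  [{', '.join(reasons)}]")
```

Comparing the listing saved before the reset with one taken afterwards shows which provider was removed and may need its owning product reinstalled.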
 
Well......

Was finally able to try all of these things, but still the same issue. Our offsite system guy says he wants to take my machine in for a "thorough cleaning on the bench". Is there anything else we should try before I have him do that?
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log, part 1

OTL logfile created on: 4/19/2011 9:13:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = \\faclex2\users\tdavis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 69.60 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive E: | 1.97 Gb Total Space | 1.50 Gb Free Space | 76.32% Space Free | Partition Type: FAT
Drive P: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive S: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive Y: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive Z: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: tdavis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
PRC - [2011/04/13 13:45:07 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2011/01/20 15:31:28 | 000,246,272 | ---- | M] () -- C:\WINDOWS\system32\authServer.exe
PRC - [2011/01/13 14:45:46 | 000,737,280 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
PRC - [2011/01/13 14:39:50 | 000,323,584 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
PRC - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/16 15:02:45 | 000,446,464 | ---- | M] (Acink Corp) -- C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/25 09:52:54 | 000,435,624 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\SpySweeperUI.exe
PRC - [2009/08/25 09:52:52 | 000,715,176 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\CommAgent.exe
PRC - [2009/08/25 09:51:08 | 000,166,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Client\SSU.EXE
PRC - [2009/08/25 09:51:06 | 004,110,352 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Client\SPYSWEEPER.EXE
PRC - [2008/11/06 09:46:05 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/06/10 04:29:45 | 000,674,770 | ---- | M] () -- C:\OpenBase\bin\openinfo.exe
PRC - [2008/06/10 04:29:34 | 000,731,853 | ---- | M] () -- C:\OpenBase\bin\openexec.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/02 13:51:10 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
MOD - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/04/13 13:45:07 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2011/01/20 15:31:28 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\authServer.exe -- (Auth Service)
SRV - [2011/01/13 14:45:46 | 000,737,280 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe -- (KAMSSLNK22553580818899)
SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/16 15:02:45 | 000,446,464 | ---- | M] (Acink Corp) [Auto | Running] -- C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe -- (PPUpdateManager)
SRV - [2009/12/17 18:08:58 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/25 09:52:52 | 000,715,176 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Client\CommAgent.exe -- (WebrootCommAgentService)
SRV - [2009/08/25 09:51:06 | 004,110,352 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [On_Demand | Running] -- C:\Program Files\Webroot\Client\spysweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/11/06 09:46:05 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2008/06/10 04:29:34 | 000,731,853 | ---- | M] () [Auto | Running] -- C:\\OpenBase/bin/openexec.exe -- (openexec)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/02/25 16:17:16 | 000,013,824 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/25 09:51:06 | 000,023,424 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (sshrmd)
DRV - [2009/08/25 09:50:46 | 000,177,896 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (ssidrv)
DRV - [2009/08/25 09:50:42 | 000,030,136 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BBC.SYS -- (ssfs0bbc)
DRV - [2009/04/15 03:04:36 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/02 13:51:06 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/25 22:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/14 03:30:02 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.icontact.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/25 15:21:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/17 17:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/27 13:01:59 | 000,000,000 | ---D | M]

[2009/02/20 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Extensions
[2009/02/20 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/07 16:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions
[2010/05/13 11:29:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/12 15:41:00 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions\LogMeInClient@logmein.com
[2011/04/19 13:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 14:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/14 14:55:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 14:57:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/14 15:59:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/15 09:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/18 15:54:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\TDAVIS\APPLICATION DATA\MOVE NETWORKS
[2010/05/14 14:55:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/19 09:42:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [KASHMSSLNK22553580818899] C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WebrootClientUI] C:\Program Files\Webroot\Client\SpySweeperUI.EXE (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O15 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209155705967 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://192.168.1.113/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://managed.missinglinklex.com/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = faclex.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\tdavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tdavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 21:13:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
[2011/04/18 18:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2011/04/15 10:57:03 | 000,000,000 | ---D | C] -- C:\logs
[2011/04/15 03:05:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/14 16:43:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/14 16:17:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/14 16:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/14 16:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/14 16:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/14 16:02:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/14 16:02:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/14 09:08:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tdavis\Recent
[2011/04/13 14:26:38 | 000,000,000 | ---D | C] -- C:\CCleaner
[2011/04/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tdavis\Application Data\Malwarebytes
[2011/04/13 14:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/13 14:09:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/13 14:08:38 | 000,000,000 | ---D | C] -- C:\apps
[2011/04/13 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2011/04/13 13:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaseya
[2011/04/13 13:14:39 | 000,135,168 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\KaseyaSP.dll
[2011/04/13 13:14:39 | 000,013,824 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KAPFA.sys
[2011/04/13 13:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaseya
[2011/04/13 13:13:27 | 001,410,007 | ---- | C] (Kaseya) -- \\faclex2\users\tdavis\My Documents\KcsSetup.exe
[2011/04/13 13:12:43 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\My Documents\Downloads
[2011/04/11 14:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Emicsoft Studio
[2011/04/05 16:34:27 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\Desktop\Dist Conf videos
[2011/03/29 16:58:50 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\Desktop\Dawn Treader Wing Clips
[2011/03/23 09:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit PDF Editor
[2011/03/21 09:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\CE

========== Files - Modified Within 30 Days ==========

[2011/04/19 20:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 20:27:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149UA.job
[2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
[2011/04/19 14:35:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/19 14:03:51 | 000,006,058 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\PrimoPDFSet.xml
[2011/04/19 14:03:47 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\APUSet.xml
[2011/04/19 09:55:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/04/19 09:55:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/19 09:55:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 09:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/19 09:54:42 | 000,707,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 09:52:07 | 007,348,224 | ---- | M] () -- C:\WINDOWS\sectest.db
[2011/04/19 09:42:07 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/04/19 03:38:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\tasks\Windows Backup of MyDocs.job
[2011/04/19 03:27:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149Core.job
[2011/04/18 18:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/18 14:48:20 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\tdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 14:44:52 | 000,013,312 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\yard sign labels.ppp
[2011/04/16 16:37:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/16 16:37:56 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 16:37:56 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 17:36:17 | 000,010,240 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\ped labels.ppp
[2011/04/15 14:31:43 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/04/15 03:08:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 09:18:17 | 000,008,300 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/04/13 13:12:44 | 001,410,007 | ---- | M] (Kaseya) -- \\faclex2\users\tdavis\My Documents\KcsSetup.exe
[2011/04/12 14:12:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/07 13:03:10 | 008,662,528 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Publication1.ppp
[2011/04/05 19:44:40 | 002,903,622 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\david rambo.amr
[2011/03/29 15:25:50 | 000,042,602 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\print on 11x17 poster.pdf
[2011/03/29 14:43:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/03/29 14:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/03/29 14:07:00 | 083,129,892 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - QT.zip
[2011/03/29 14:06:38 | 059,558,790 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - WMV.zip
[2011/03/29 10:40:50 | 000,493,200 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\banner website.pdf
[2011/03/28 11:29:32 | 001,220,175 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\2011-04-24 2's Class.pdf
[2011/03/25 12:11:28 | 000,179,920 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\WSC3 half sheet for FCPS.PDF
[2011/03/24 09:36:45 | 000,001,204 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2011/03/22 15:53:32 | 000,062,651 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\banner phone number.pdf
[2011/03/22 14:14:08 | 000,098,207 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\3x6 small.jpg

========== Files Created - No Company Name ==========

[2011/04/19 09:49:54 | 007,348,224 | ---- | C] () -- C:\WINDOWS\sectest.db
[2011/04/18 14:44:52 | 000,013,312 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\yard sign labels.ppp
[2011/04/15 17:36:17 | 000,010,240 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\ped labels.ppp
[2011/04/15 14:31:43 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/04/15 03:00:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 16:17:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/14 16:17:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/14 16:17:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/14 16:17:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/14 16:17:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/13 14:09:18 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 08:46:49 | 002,903,622 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\david rambo.amr
[2011/04/07 13:02:44 | 008,662,528 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Publication1.ppp
[2011/03/29 15:25:32 | 000,042,602 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\print on 11x17 poster.pdf
[2011/03/29 14:02:48 | 059,558,790 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - WMV.zip
[2011/03/29 14:02:01 | 083,129,892 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - QT.zip
[2011/03/29 10:40:37 | 000,493,200 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\banner website.pdf
[2011/03/28 11:30:33 | 001,220,175 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\2011-04-24 2's Class.pdf
[2011/03/22 15:53:32 | 000,062,651 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\banner phone number.pdf
[2011/03/22 14:14:08 | 000,098,207 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\3x6 small.jpg
[2011/03/21 09:08:03 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\authServer.exe
[2011/02/03 16:29:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/12/14 15:28:55 | 000,047,104 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe
[2010/09/14 09:06:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCRZ25.ini
[2010/06/17 20:23:59 | 000,001,438 | ---- | C] () -- C:\WINDOWS\LMAAV2DD.ini
[2010/06/17 18:36:31 | 000,008,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/19 11:55:39 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/14 08:59:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/03 16:20:40 | 000,175,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/18 13:38:14 | 000,038,456 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Comma Separated Values (Windows).ADR
[2009/04/03 12:17:53 | 000,038,443 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft Excel.ADR
[2009/04/03 12:02:11 | 000,007,604 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Tab Separated Values (Windows).EML
[2009/02/04 16:04:27 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2009/01/15 17:21:27 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
[2008/11/13 11:44:42 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/11/12 14:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/11/11 11:49:03 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2008/11/06 09:46:05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2008/06/25 15:21:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/25 10:48:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/16 11:12:08 | 000,241,912 | ---- | C] () -- C:\WINDOWS\System32\nmNsp.dll
[2008/06/16 11:12:08 | 000,193,272 | ---- | C] () -- C:\WINDOWS\System32\CESpy.dll
[2008/05/09 08:34:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/02 13:12:00 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\APUSet.xml
[2008/05/02 13:11:59 | 000,006,058 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\PrimoPDFSet.xml
[2008/04/28 14:53:37 | 000,023,518 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Tab Separated Values (Windows).ADR
[2008/04/25 16:29:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/25 16:00:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/04/24 22:37:23 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\tdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 08:11:35 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/04/23 08:11:35 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/04/23 08:11:35 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/04/23 08:11:35 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/04/23 08:11:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/04/23 08:11:34 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/04/22 08:33:23 | 000,001,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/21 15:49:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/21 15:45:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/21 15:26:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/04/10 12:52:08 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/10 12:52:06 | 003,143,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/04/10 12:52:06 | 000,568,320 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/04/10 12:52:06 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/10 12:52:06 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/04/10 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/04/10 12:52:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/04/10 12:52:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/04/10 12:52:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/04/10 12:52:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/10 12:52:06 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/04/10 12:52:06 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/04/10 12:52:06 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/04/10 12:52:06 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/04/10 12:52:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/04/10 12:50:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/29 11:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 11:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/03/29 11:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 11:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 11:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 11:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 11:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2008/03/29 11:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 11:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 11:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2008/03/29 11:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2008/03/29 11:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 11:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/03/29 11:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/03/21 16:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/14 23:18:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/14 23:16:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/14 22:58:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/03/14 22:58:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/14 22:58:55 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/03/14 22:58:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/14 22:57:45 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/31 20:00:00 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/12/31 20:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/12/31 20:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/06/28 14:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/07 18:10:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2007/04/13 13:36:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2007/04/13 13:36:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,707,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
OTL log, part 2:

========== LOP Check ==========

[2011/04/12 15:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.FACLEX\Application Data\CE
[2009/06/02 10:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.FACLEX\Application Data\HotSync
[2010/06/23 11:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/04/13 14:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/17 23:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/27 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/11/11 14:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/04/19 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/12/14 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/12/15 10:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/17 08:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/06 08:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 09:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 09:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/21 09:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CE
[2010/06/17 09:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jelliott\Application Data\CE
[2010/06/14 11:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jrowland\Application Data\CE
[2010/04/25 08:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kids\Application Data\CE
[2011/03/21 09:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CE
[2010/12/27 14:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Flip Video
[2010/06/17 09:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mberry\Application Data\CE
[2011/04/13 13:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mlmsadmin\Application Data\CE
[2010/07/26 09:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\CE
[2011/04/18 18:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2010/06/14 10:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scook\Application Data\CE
[2011/03/18 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Audacity
[2010/12/28 14:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\avidemux
[2011/04/07 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\CE
[2011/04/12 14:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Dropbox
[2009/09/15 15:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FileZilla
[2008/08/14 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FinalBurner AudioCD Ripper
[2008/04/24 23:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FinalBurner Video DVD
[2011/02/06 13:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Flip Video
[2010/10/15 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\HamsterSoft
[2010/12/14 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\jah
[2008/11/11 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Leadertech
[2009/01/20 21:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Moyea
[2009/12/17 23:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\No Company Name
[2008/08/27 12:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Serif
[2011/02/17 16:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Suran
[2011/04/15 14:31:43 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/04/19 03:38:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Backup of MyDocs.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/06 17:06:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/02/26 16:20:07 | 004,761,600 | ---- | M] () -- C:\7puj14uc.iso
[2009/12/17 23:22:17 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/01/20 13:42:04 | 000,002,625 | -HS- | M] () -- C:\AlbumArtSmall.jpg
[2009/01/20 13:42:06 | 000,010,856 | -HS- | M] () -- C:\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Large.jpg
[2009/01/20 13:42:04 | 000,002,625 | -HS- | M] () -- C:\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Small.jpg
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/21 14:55:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/31 10:15:23 | 000,158,030 | ---- | M] () -- C:\cc_20100331_101448.reg
[2011/04/19 21:13:46 | 003,157,238 | ---- | M] () -- C:\ceProcesses.txt
[2011/04/14 16:31:59 | 000,019,846 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/19 09:53:11 | 000,000,420 | ---- | M] () -- C:\DAF-interface-resetlog.txt
[2008/03/14 22:59:22 | 000,006,287 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009/01/20 13:42:06 | 000,010,856 | -HS- | M] () -- C:\Folder.jpg
[2010/08/23 15:04:53 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/04/25 15:59:51 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/08/23 09:21:52 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2011/04/15 11:27:34 | 000,013,950 | ---- | M] () -- C:\lxeccomx.log
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/28 16:25:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/19 09:54:41 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
[2010/12/14 16:11:00 | 000,005,379 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt
[2008/05/06 08:57:04 | 000,150,192 | ---- | M] () -- C:\TweakUiPowertoySetup.exe
[2006/12/05 19:52:06 | 000,000,505 | ---- | M] () -- C:\unPDVDDX.iss
[2008/09/18 16:55:34 | 000,000,086 | ---- | M] () -- C:\unPDVDDX.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/01/28 04:15:04 | 000,026,624 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMAATB4C.DLL
[2007/01/25 10:30:36 | 000,053,248 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMABKC4C.DLL
[2010/12/08 14:11:52 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/05/28 16:28:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/05/28 17:18:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/05/28 17:18:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\tdavis\Favorites\Desktop.ini
[2010/11/03 11:25:16 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\tdavis\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/06/17 18:36:57 | 000,000,630 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/19 21:05:41 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\tdavis\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-15 07:10:19


========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C

< End of report >
 
Extras log:

OTL Extras logfile created on: 4/19/2011 9:13:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = \\faclex2\users\tdavis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 69.60 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive E: | 1.97 Gb Total Space | 1.50 Gb Free Space | 76.32% Space Free | Partition Type: FAT
Drive P: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive S: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive Y: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
Drive Z: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: tdavis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.2.0.132
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}" = StuffIt Expander 2009
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B4174E8-FE92-4269-808A-3B8D116D9538}" = Advanced Security for Outlook
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.2 build 1259
"{A816264A-698B-49A3-BE87-E13886DD6C61}" = Webroot® Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}" = Serif PagePlus 9.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C39E84D2-0AE6-4692-9D05-63085B7CF8B1}" = CDM+ 9.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Applian FLV Player2.0.24" = Applian FLV Player
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner (remove only)
"Countdown Creator_is1" = Countdown Creator 2.0
"DivX Setup.divx.com" = DivX Setup
"DVDStyler_is1" = DVDStyler v1.7.4
"EncFlac" = EncFlac 1.1.2
"Foxit PDF Editor" = Foxit PDF Editor
"Google Calendar Sync" = Google Calendar Sync
"Google Updater" = Google Updater
"Graph paper printer" = Graph paper printer
"KAMSSLNK22553580818899" = Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"mpegable DS" = mpegable DS decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenLibraries" = OpenLibraries
"OW2010DVD" = OW Professional Edition
"Parent Pager" = Parent Pager
"Plato DVD Ripper Professional_is1" = Plato DVD Ripper Professional 6.66.14
"PrimoPDF4.0.1" = PrimoPDF
"Prism" = Prism Video File Converter
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"Super Video Converter_is1" = Super Video Converter 5.8
"Tweak UI 2.10" = Tweak UI
"Video Edit Magic 4_is1" = Video Edit Magic 4.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2011 7:15:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
Description =

Error - 4/19/2011 7:35:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
Description =

Error - 4/19/2011 8:10:42 PM | Computer Name = TIM | Source = Userenv | ID = 1006
Description = Windows cannot bind to faclex.local domain. (Timeout). Group Policy
processing aborted.

Error - 4/19/2011 8:10:42 PM | Computer Name = TIM | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 4/19/2011 8:15:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
Description =

Error - 4/19/2011 8:35:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
Description =

Error - 4/19/2011 8:53:03 PM | Computer Name = TIM | Source = Userenv | ID = 1006
Description = Windows cannot bind to faclex.local domain. (Timeout). Group Policy
processing aborted.

Error - 4/19/2011 8:53:03 PM | Computer Name = TIM | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 4/19/2011 8:55:32 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 8:55:53 PM | Computer Name = TIM | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
nmsvc.dll, version 0.0.0.0, fault address 0x000139df.

[ System Events ]
Error - 4/19/2011 9:55:51 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%2

Error - 4/19/2011 9:56:21 AM | Computer Name = TIM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 4/19/2011 9:56:21 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%2

Error - 4/19/2011 9:56:51 AM | Computer Name = TIM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 4/19/2011 10:00:37 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%2

Error - 4/19/2011 10:01:07 AM | Computer Name = TIM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 4/19/2011 10:04:52 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%2

Error - 4/19/2011 10:05:22 AM | Computer Name = TIM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 4/19/2011 9:11:35 PM | Computer Name = TIM | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 4/19/2011 9:11:35 PM | Computer Name = TIM | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.


< End of report >
 
I'd like to see one more log....

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolBox by Farbar
Ran by tdavis (administrator) at 2011-04-20 20:06:29
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Tim

Primary Dns Suffix . . . . . . . : faclex.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : faclex.local

faclex.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : faclex.local

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.137

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.15

DNS Servers . . . . . . . . . . . : 192.168.1.15

Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM

Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM



Pinging google.com [74.125.225.16] with 32 bytes of data:



Reply from 74.125.225.16: bytes=32 time=137ms TTL=53

Reply from 74.125.225.16: bytes=32 time=138ms TTL=53



Ping statistics for 74.125.225.16:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 137ms, Maximum = 138ms, Average = 137ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=492ms TTL=48

Reply from 209.191.122.70: bytes=32 time=406ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 406ms, Maximum = 492ms, Average = 449ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1d 09 23 83 2f ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.137 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.137 192.168.1.137 20
192.168.1.0 255.255.255.0 192.168.1.137 192.168.1.137 10
192.168.1.137 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.137 192.168.1.137 10
224.0.0.0 240.0.0.0 192.168.1.137 192.168.1.137 10
255.255.255.255 255.255.255.255 192.168.1.137 192.168.1.137 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Tim

Primary Dns Suffix . . . . . . . : faclex.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : faclex.local

faclex.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : faclex.local

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.27

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.15

DNS Servers . . . . . . . . . . . : 192.168.1.15

Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:54:45 AM

Lease Expires . . . . . . . . . . : Thursday, April 21, 2011 9:54:45 AM


================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 33%
Total physical RAM: 1981.85 MB
Available physical RAM: 1310.98 MB
Total Pagefile: 5920.88 MB
Available Pagefile: 5273.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.26 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:69.38 GB) NTFS
3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.49 GB) FAT
4 Drive p: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
5 Drive s: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
6 Drive y: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
7 Drive z: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS

================= Users: ==================================================
================= End of Users ============================================
 
Re-run MiniToolbox, but this time check these items:

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • List IP configuration
Click Go and post the result.
 
Here it is.

Don't know if this is significant, but I'm noticing 2-3 times a day I'm getting a message that "nslookup APP" has closed, then it gives me the option to submit a report or not.



MiniToolBox by Farbar
Ran by tdavis (administrator) at 2011-04-20 20:06:29
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Tim

Primary Dns Suffix . . . . . . . : faclex.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : faclex.local

faclex.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : faclex.local

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.137

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.15

DNS Servers . . . . . . . . . . . : 192.168.1.15

Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM

Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM



Pinging google.com [74.125.225.16] with 32 bytes of data:



Reply from 74.125.225.16: bytes=32 time=137ms TTL=53

Reply from 74.125.225.16: bytes=32 time=138ms TTL=53



Ping statistics for 74.125.225.16:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 137ms, Maximum = 138ms, Average = 137ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=492ms TTL=48

Reply from 209.191.122.70: bytes=32 time=406ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 406ms, Maximum = 492ms, Average = 449ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1d 09 23 83 2f ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.137 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.137 192.168.1.137 20
192.168.1.0 255.255.255.0 192.168.1.137 192.168.1.137 10
192.168.1.137 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.137 192.168.1.137 10
224.0.0.0 240.0.0.0 192.168.1.137 192.168.1.137 10
255.255.255.255 255.255.255.255 192.168.1.137 192.168.1.137 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Tim

Primary Dns Suffix . . . . . . . : faclex.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : faclex.local

faclex.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : faclex.local

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.27

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.15

DNS Servers . . . . . . . . . . . : 192.168.1.15

Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:54:45 AM

Lease Expires . . . . . . . . . . : Thursday, April 21, 2011 9:54:45 AM


================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 33%
Total physical RAM: 1981.85 MB
Available physical RAM: 1310.98 MB
Total Pagefile: 5920.88 MB
Available Pagefile: 5273.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.26 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:69.38 GB) NTFS
3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.49 GB) FAT
4 Drive p: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
5 Drive s: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
6 Drive y: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
7 Drive z: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS

================= Users: ==================================================
================= End of Users ============================================
 