TechSpot

Is A Virus Blocking My Internet?

Inactive
By timbo412
Apr 14, 2011
  1. Hello,

    Two days ago, after storms and a power outage, I restarted my work computer. Since that time, no web browsers (IE, Firefox, Chrome) will make a connection. I cannot update any software programs. I also cannot use our membership database program, which runs via TCP/IP. I can ping internal and external IPs with no problem, and I can access everything on our network. I can even use LogMeIn from home to access my work computer. Our offsite tech person said it might be a virus.

    I followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions, and logs are included. One exception is MBAM. I saved the log file, but it would not complete deleting the two infected entries it found. The program hung, and I had to quit and start it over. It keeps finding the same two entries.

    Thanks for any help you can give!

    Tim

    --------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4049

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    4/14/2011 1:33:23 PM
    mbam-log-2011-04-14 (13-33-23).txt

    Scan type: Quick scan
    Objects scanned: 216915
    Time elapsed: 7 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-14 13:07:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 ST3160815AS rev.3.ADA
    Running: gmer.exe; Driver: C:\DOCUME~1\tdavis\LOCALS~1\Temp\pxtdipob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat SSFS0BBC.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Ip 8A187218
    Device \Driver\Tcpip \Device\Ip 8A278190
    Device \Driver\Tcpip \Device\Ip 8A40C198
    Device \Driver\Tcpip \Device\Tcp 8A187218
    Device \Driver\Tcpip \Device\Tcp 8A278190
    Device \Driver\Tcpip \Device\Tcp 8A40C198
    Device \Driver\Tcpip \Device\Udp 8A187218
    Device \Driver\Tcpip \Device\Udp 8A278190
    Device \Driver\Tcpip \Device\Udp 8A40C198
    Device \Driver\Tcpip \Device\RawIp 8A187218
    Device \Driver\Tcpip \Device\RawIp 8A278190
    Device \Driver\Tcpip \Device\RawIp 8A40C198

    ---- EOF - GMER 1.0.15 ----
    ----------------------------------------------------------------------------

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by tdavis at 13:11:51.09 on Thu 04/14/2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1309 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\WINDOWS\system32\authServer.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\OpenBase\bin\openexec.exe
    C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Client\commagent.exe
    C:\Program Files\Webroot\Client\SpySweeperUI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
    C:\OpenBase\bin\openinfo.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Webroot\Client\spysweeper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    \\faclex2\users\tdavis\Desktop\virus\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dell.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.dell.com
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
    uRun: [Google Update] "c:\documents and settings\tdavis\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SigmatelSysTrayApp] "stsystra.exe"
    mRun: [Synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [WebrootClientUI] "c:\program files\webroot\client\SpySweeperUI.EXE" /StartInTray
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KASHMSSLNK22553580818899] "c:\program files\kaseya\msslnk22553580818899\KaUsrTsk.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
    IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
    LSP: CESpy.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209155705967
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://192.168.1.113/program/SonySncRz25View.cab
    DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://managed.missinglinklex.com/inc/kaxRemote.dll
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\tdavis\applic~1\mozilla\firefox\profiles\qv46ad0s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\tdavis\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\tdavis\application data\mozilla\firefox\profiles\qv46ad0s.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\tdavis\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\application data\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [2009-8-25 30136]
    R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
    R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2011-3-21 246272]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
    R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\kaseya\msslnk22553580818899\AgentMon.exe [2011-4-13 737280]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-6 47640]
    R2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [2009-7-1 731853]
    R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\acink corp\parent pager\PPUM.2323.exe [2010-5-5 446464]
    R2 WebrootCommAgentService;Webroot CommAgent Service;c:\program files\webroot\client\CommAgent.exe [2009-8-25 715176]
    R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2011-4-13 13824]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-13 38224]
    R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\client\SPYSWEEPER.EXE [2009-8-25 4110352]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-13 42112]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-04-13 18:26:38 -------- d-----w- C:\CCleaner
    2011-04-13 18:26:33 855464 ----a-w- c:\temp\ccsetup208.exe
    2011-04-13 18:10:37 -------- d-----w- c:\docume~1\tdavis\applic~1\Malwarebytes
    2011-04-13 18:09:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-13 18:09:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-13 18:09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-13 18:09:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2011-04-13 18:08:38 -------- d-----w- C:\apps
    2011-04-13 17:45:02 -------- d-----w- c:\program files\RealVNC
    2011-04-13 17:14:39 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
    2011-04-13 17:14:39 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
    2011-04-13 17:14:37 -------- d-----w- c:\program files\Kaseya
    2011-04-11 18:57:52 -------- d-----w- c:\program files\Emicsoft Studio
    2011-03-21 13:08:03 246272 ----a-w- c:\windows\system32\authServer.exe
    2011-03-16 20:58:38 -------- d-----w- c:\program files\OW2010
    .
    ==================== Find3M ====================
    .
    2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-20 19:38:38 241912 ----a-w- c:\windows\system32\nmNsp.dll
    2011-01-20 19:38:14 193272 ----a-w- c:\windows\system32\CESpy.dll
    .
    ============= FINISH: 13:12:01.87 ===============

    ----------------------------------------------------------------------------------------

    Attach log file from DDS

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/21/2008 2:55:34 PM
    System Uptime: 4/14/2011 12:45:07 PM (1 hours ago)
    .
    Motherboard: Dell Inc | | 0TT708
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2605/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 87.919 GiB free.
    D: is CDROM ()
    E: is Removable
    P: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
    S: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
    Y: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
    Z: is NetworkDisk (NTFS) - 931 GiB total, 520.242 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.6
    Adobe Shockwave Player
    Advanced IP Scanner v1.5
    Advanced Security for Outlook
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Audacity 1.2.6
    Audacity 1.3.12
    Avidemux 2.5
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    CCleaner (remove only)
    CDM+ 9.0
    Compatibility Pack for the 2007 Office system
    Countdown Creator 2.0
    Covenant Eyes
    Dell ETS Factory Installation
    DivX Setup
    Dropbox
    DVDStyler v1.7.4
    EncFlac 1.1.2
    Evernote
    FinalBurner Free v2.2.0.132
    FlipShare
    Foxit PDF Editor
    Foxit Reader
    Google Calendar Sync
    Google Chrome
    Google Earth Plug-in
    Google Gmail Notifier
    Google Update Helper
    Google Updater
    Graph paper printer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
    LAME v3.98.2 for Audacity
    Lexmark Software Uninstall
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LogMeIn
    Malwarebytes' Anti-Malware
    Media Player Classic - Home Cinema v1.4.2499.0
    Media Player Codec Pack 3.1.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.3
    Microsoft IntelliType Pro 6.3
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Converter Pack
    Microsoft Office Professional Edition 2003
    Microsoft OpenType Font File Properties Extension
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Works 6-9 Converter
    Move Media Player
    Mozilla Firefox (3.6.13)
    Mpeg2Decoder 1.3
    mpegable DS decoder
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    msxml4
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenLibraries
    OW Professional Edition
    Parent Pager
    Plato DVD Ripper Professional 6.66.14
    PowerDVD
    PrimoPDF
    Prism Video File Converter
    QuickTime
    RealPlayer
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Segoe UI
    Serif PagePlus 9.0
    Skype™ 5.1
    Sonic Activation Module
    StuffIt Expander 2009
    Super Video Converter 5.8
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    Video Edit Magic 4.4
    WAV MP3 Converter v4.2 build 1259
    WebFldrs XP
    Webroot® Client
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2011 3:02:02 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Generic Flash Disk USB Device.
    4/7/2011 1:02:49 PM, error: Print [6161] - The document \\faclex2\users\tdavis\Desktop\Publication1.PDF owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 90825816. Number of bytes printed: 90825668. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
    4/7/2011 1:00:29 PM, error: Print [6161] - The document Publication1 owned by tdavis failed to print on printer Lexmark E352dn XL. Data type: NT EMF 1.008. Size of the spool file in bytes: 29491200. Number of bytes printed: 26313752. Total number of pages in the document: 1. Number of pages printed: 1. Client machine: \\TIM. Win32 error code returned by the print processor: 1 (0x1).
    4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:04 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Broadcom ASF IP Monitor service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:01 PM, error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 1 time(s).
    4/14/2011 12:44:01 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/13/2011 1:57:33 PM, error: Service Control Manager [7034] - The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).
    4/12/2011 3:53:33 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FACLEX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    4/11/2011 2:07:06 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/11/2011 2:06:59 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    4/11/2011 2:06:54 PM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 2:06:33 PM, error: Service Control Manager [7034] - The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 2:02:03 PM, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    I can't see any AV program running.
    Why is that?

    Please download MiniToolBox and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  3. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Hi Broni,

    We use WebRoot on our network. I turned it off completely when running the initial scans and saving the logs. Will follow your instructions and post.
     
  4. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Ran the scan. Initial "Results" window gave me this:

    -------------------------------------------------------------------------------------

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration


    Windows IP Configuration

            Host Name . . . . . . . . . . . . : Tim
            Primary Dns Suffix  . . . . . . . : faclex.local
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : faclex.local
                                                faclex.local

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . : faclex.local
            Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
            Physical Address. . . . . . . . . : 00-1D-09-23-83-2F
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.1.137
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1
            DHCP Server . . . . . . . . . . . : 192.168.1.15
            DNS Servers . . . . . . . . . . . : 192.168.1.15
            Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM
            Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM

    ------------------------------------------------------------------------------------------------

    which I saved to a txt file. After saving and opening the file, it contained this:

    --------------------------------------------------------------------------------------------------

    MiniToolBox by Farbar
    Ran by tdavis (administrator) at 2011-04-14 14:43:49
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================
    ================= End of IP Configuration =================================

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (04/14/2011 02:10:05 PM) (Source: Google Update) (User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\3b52142b-0c35-4fe9-af23-e6884426a570.dmp

    Error: (04/14/2011 02:10:02 PM) (Source: Application Hang) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 01:35:13 PM) (Source: Application Hang) (User: )
    Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 01:05:50 PM) (Source: Application Hang) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 01:04:53 PM) (Source: Application Error) (User: )
    Description: Faulting application googlecalendarsync.exe, version 0.9.3.5, faulting module nmsvc.dll, version 0.0.0.0, fault address 0x000139df.
    Processing media-specific event for [googlecalendarsync.exe!ws!]

    Error: (04/14/2011 00:59:24 PM) (Source: Application Hang) (User: )
    Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 00:47:28 PM) (Source: Application Hang) (User: )
    Description: Hanging application mbam.exe, version 1.45.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 00:15:46 PM) (Source: Google Update) (User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\dabe5ace-75ac-4ad9-8055-0861adfab062.dmp

    Error: (04/14/2011 11:32:42 AM) (Source: Application Hang) (User: )
    Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/14/2011 11:15:47 AM) (Source: Google Update) (User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\ded5f7f2-f4ff-4efd-b2f4-51c75718a2eb.dmp


    System errors:
    =============
    Error: (04/14/2011 01:23:13 PM) (Source: Service Control Manager) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:05 PM) (Source: Service Control Manager) (User: )
    Description: The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:05 PM) (Source: Service Control Manager) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The Parent Pager Update Manager 2323 service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The Webroot CommAgent Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The SecuROM User Access Service (V7) service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The OpenBase Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/14/2011 00:44:04 PM) (Source: Service Control Manager) (User: )
    Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (04/14/2011 02:10:05 PM) (Source: Google Update)(User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\3b52142b-0c35-4fe9-af23-e6884426a570.dmp

    Error: (04/14/2011 02:10:02 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

    Error: (04/14/2011 01:35:13 PM) (Source: Application Hang)(User: )
    Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

    Error: (04/14/2011 01:05:50 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

    Error: (04/14/2011 01:04:53 PM) (Source: Application Error)(User: )
    Description: googlecalendarsync.exe0.9.3.5nmsvc.dll0.0.0.0000139df

    Error: (04/14/2011 00:59:24 PM) (Source: Application Hang)(User: )
    Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

    Error: (04/14/2011 00:47:28 PM) (Source: Application Hang)(User: )
    Description: mbam.exe1.45.0.0hungapp0.0.0.000000000

    Error: (04/14/2011 00:15:46 PM) (Source: Google Update)(User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\dabe5ace-75ac-4ad9-8055-0861adfab062.dmp

    Error: (04/14/2011 11:32:42 AM) (Source: Application Hang)(User: )
    Description: iexplore.exe6.0.2900.5512hungapp0.0.0.000000000

    Error: (04/14/2011 11:15:47 AM) (Source: Google Update)(User: tdavis)tdavis
    Description: Google Update has encountered a fatal error.
    ver=1.2.183.39;lang=en;is_machine=0;upload=0;minidump=C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\CrashReports\ded5f7f2-f4ff-4efd-b2f4-51c75718a2eb.dmp


    ========================= End of Event log errors =========================

    ========================= Memory info: ====================================

    Percentage of memory in use: 31%
    Total physical RAM: 1981.85 MB
    Available physical RAM: 1354.35 MB
    Total Pagefile: 5920.95 MB
    Available Pagefile: 5416.52 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2007.26 MB

    ======================= Partitions: =======================================

    1 Drive c: () (Fixed) (Total:148.96 GB) (Free:87.92 GB) NTFS
    3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.51 GB) FAT
    4 Drive p: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
    5 Drive s: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
    6 Drive y: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS
    7 Drive z: (Data) (Network) (Total:931 GB) (Free:520.24 GB) NTFS

    ================= Users: ==================================================
    ================= End of Users ============================================


    I'm also noticing that, at times, Windows Explorer is responding very slowly, whether I'm opening a network or local folder/drive. Most of the time it's normal, but I thought I'd mention it.

    Tim
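The three items Broni asked for in this report (IE proxy settings, hosts content, IP configuration) are the settings a browser-only outage usually points at, and the report above shows the layout they come back in. The following is an added example, not code from this thread, from MiniToolBox or from TechSpot: a small Python triage script that splits a report of that layout into its sections and flags an enabled proxy, hosts entries that sinkhole or redirect anything other than localhost, and resolvers outside the RFC 1918 LAN ranges. The embedded report is constructed for the example; the wording of the enabled-proxy lines ("Proxy is enabled.", "ProxyServer: ...") is an assumption, since the thread only shows the disabled case, and the sinkholed and redirected host names and the off-LAN resolver are made-up sample values. The LAN ranges are likewise an assumption about the network.

```python
"""Triage a MiniToolBox-style report for the browser-blocking settings (IE proxy,
hosts file, DNS resolvers). Added example; not code from the thread or the tool."""
import ipaddress
import re

# Section layout as in the posted report: "==== Name: ====" opens, "==== End of Name ====" closes.
HEADER = re.compile(r"^=+\s*(?P<name>[^=]+?):\s*=+\s*$")
END = re.compile(r"^=+\s*End of .+?\s*=+\s*$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumption: the LAN uses RFC 1918 space; loopback counts as local too.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed report, not the poster's. The "Proxy is enabled." / "ProxyServer:" lines are an
# ASSUMED layout (the thread only shows the disabled case); names and addresses are sample values.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:5555
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
203.0.113.9 update.microsoft.com   # comment after the entry
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
        DNS Servers . . . . . . . . . . . : 198.51.100.77
                                            192.168.1.15
        Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM
================= End of IP Configuration =================================
"""

def sections(report):
    """Split the report into {section name: body text}."""
    out, current = {}, None
    for line in report.splitlines():
        m = HEADER.match(line)
        if END.match(line):
            current = None
        elif m:
            current = m.group("name").strip()
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return {name: "\n".join(body) for name, body in out.items()}

def proxy_findings(body):
    """A proxy forced onto loopback breaks every browser while ping keeps working."""
    text = body.lower()
    if "proxy is enabled" not in text or "proxy is not enabled" in text:
        return []
    m = re.search(r"proxyserver\s*[:=]\s*(\S+)", body, re.I)
    note = f"proxy: enabled -> {m.group(1) if m else 'unknown'}"
    if m and re.search(r"127\.0\.0\.1|localhost", m.group(1), re.I):
        note += " (loopback proxy: browsers fail while ping works)"
    return [note]

def hosts_findings(body):
    """Flag hosts entries that sinkhole or redirect anything but localhost."""
    findings = []
    for raw in body.splitlines():
        fields = raw.split("#", 1)[0].split()          # strip comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                   # not "address name...", skip it
        for name in fields[1:]:
            if name.lower() not in LOCAL_NAMES:
                verb = "sinkholed to" if addr.is_loopback else "redirected to"
                findings.append(f"hosts: {name} {verb} {addr}; confirm it is intended")
    return findings

def dns_findings(body):
    """Flag resolvers outside the LAN; DNS-changing malware sets exactly this."""
    findings, in_dns = [], False
    for line in body.splitlines():
        if "DNS Servers" in line:
            in_dns = True
        elif in_dns and not IP_RE.fullmatch(line.strip()):
            in_dns = False                # the next ipconfig field ends the server list
        for ip in IP_RE.findall(line) if in_dns else ():
            addr = ipaddress.ip_address(ip)   # ipconfig prints valid dotted quads
            if not any(addr in net for net in LAN_NETS):
                findings.append(f"dns: resolver {ip} is off the LAN; confirm it is intended")
    return findings

def triage(report):
    """Return all findings for one report, in section order."""
    sec = sections(report)
    return (proxy_findings(sec.get("IE Proxy Settings", ""))
            + hosts_findings(sec.get("Hosts content", ""))
            + dns_findings(sec.get("IP Configuration", "")))

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT) or ["nothing flagged"])
```

Run on the constructed report it returns four findings; fed the content of the thread's own report (proxy not enabled, a hosts file with only `127.0.0.1 localhost`, resolver 192.168.1.15) it returns none, which matches Broni's reading that the network settings look fine. A legitimate public resolver such as an ISP's DNS will also trip the LAN check, which is why every finding asks for confirmation rather than declaring an infection.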
     
  5. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Your network settings seem to be fine, so we'll keep checking for an infection.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Is it a problem that CF was unable to d/l the recovery console due to my internet access problem? It's continuing with the scan.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Give it 15 minutes, at least.
    Post back, if it's still stuck.
     
  8. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Okey dokey - here they are...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0304801c

    Kernel Drivers (total 131):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 SSHRMD.SYS
    0xBA0C8000 SSFS0BBC.SYS
    0xB9F3A000 SSIDRV.SYS
    0xB9F0D000 \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
    0xBA328000 \WINDOWS\SYSTEM32\Drivers\TDI.SYS
    0xBA670000 pciide.sys
    0xBA330000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0D8000 MountMgr.sys
    0xB9EEE000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9EC8000 dmio.sys
    0xBA338000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9EB0000 atapi.sys
    0xB9E96000 nvata.sys
    0xBA0F8000 disk.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9E76000 fltmgr.sys
    0xBA118000 PxHelp20.sys
    0xB9E5F000 KSecDD.sys
    0xB9E4C000 WudfPf.sys
    0xB9DBF000 Ntfs.sys
    0xB9DA5000 Mup.sys
    0xB897E000 \SystemRoot\system32\DRIVERS\processr.sys
    0xB88D4000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xB850C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB84F8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA4A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB84D4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB896E000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB895E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB894E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB84B1000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA4B0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB8489000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB893E000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9D7D000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB8475000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA72A000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xBA72B000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB892E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9D79000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB845E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB891E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB890E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB844D000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB88FE000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA358000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB841D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA360000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA368000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB83BF000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D61000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5EA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB4F97000 \SystemRoot\system32\drivers\sthda.sys
    0xB4F73000 \SystemRoot\system32\drivers\portcls.sys
    0xBA228000 \SystemRoot\system32\drivers\drmk.sys
    0xBA548000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6D1000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5F0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA380000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA388000 \SystemRoot\System32\drivers\vga.sys
    0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA390000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA398000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB4F40000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB4EE7000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB4EBF000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB4E99000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA55C000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB4E4F000 \SystemRoot\System32\drivers\afd.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB4E24000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB4DB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA288000 \SystemRoot\System32\Drivers\usbaapl.sys
    0xBA3A8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB941C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBA584000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA3C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA3C8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB4D39000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\point32.sys
    0xBA590000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB4D1F000 \SystemRoot\System32\Drivers\dump_nvata.sys
    0xBA60C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB768B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3D8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA6D2000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBF45B000 \SystemRoot\System32\ATMFD.DLL
    0xB3C4F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3A7B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB3BA7000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB3A4E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA3E0000 \SystemRoot\System32\drivers\aspi32.sys
    0xBA5E2000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    0xB36FE000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA626000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xB380E000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB2C91000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3556000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB240B000 \??\C:\WINDOWS\system32\drivers\KAPFA.SYS
    0xBA3A0000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xB22C2000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA400000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xB14B2000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    564 C:\WINDOWS\system32\smss.exe
    628 csrss.exe
    652 C:\WINDOWS\system32\winlogon.exe
    696 C:\WINDOWS\system32\services.exe
    708 C:\WINDOWS\system32\lsass.exe
    896 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1084 C:\WINDOWS\system32\svchost.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1216 svchost.exe
    1284 svchost.exe
    1488 C:\WINDOWS\system32\spoolsv.exe
    1604 svchost.exe
    1664 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1712 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    1740 C:\WINDOWS\system32\authServer.exe
    1760 C:\Program Files\Bonjour\mDNSResponder.exe
    1796 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    216 C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    360 C:\Program Files\Google\Update\GoogleUpdate.exe
    400 C:\Program Files\Java\jre6\bin\jqs.exe
    448 C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
    320 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    576 C:\Program Files\LogMeIn\x86\ramaint.exe
    1048 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    2028 C:\WINDOWS\explorer.exe
    244 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1036 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1208 C:\WINDOWS\system32\nvsvc32.exe
    860 C:\OpenBase\bin\openexec.exe
    616 C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
    1936 C:\WINDOWS\system32\svchost.exe
    2136 C:\WINDOWS\system32\UAService7.exe
    2168 C:\Program Files\Webroot\Client\CommAgent.exe
    2352 C:\WINDOWS\stsystra.exe
    2368 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2440 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    2456 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2508 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    2516 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    2660 C:\Program Files\Webroot\Client\SpySweeperUI.exe
    2760 C:\Program Files\iTunes\iTunesHelper.exe
    2820 C:\OpenBase\bin\openinfo.exe
    2836 C:\WINDOWS\system32\wuauclt.exe
    2920 C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
    3052 C:\WINDOWS\system32\ctfmon.exe
    3136 wmiprvse.exe
    3152 C:\Documents and Settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    3184 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    3316 wmiprvse.exe
    3484 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    3588 C:\Program Files\Webroot\Client\SPYSWEEPER.EXE
    3832 unsecapp.exe
    3264 alg.exe
    776 C:\Program Files\iPod\bin\iPodService.exe
    3612 wmiprvse.exe
    2004 C:\WINDOWS\system32\svchost.exe
    3444 \Device\LanmanRedirector\faclex2\users\tdavis\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

    PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!




    ComboFix 11-04-13.06 - tdavis 04/14/2011 16:25:01.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1363 [GMT -4:00]
    Running from: \\faclex2\users\tdavis\Desktop\ComboFix.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-13 18:26 . 2011-04-14 13:23 -------- d-----w- C:\CCleaner
    2011-04-13 18:26 . 2011-04-13 18:26 855464 ----a-w- c:\temp\ccsetup208.exe
    2011-04-13 18:10 . 2011-04-13 18:10 -------- d-----w- c:\documents and settings\tdavis\Application Data\Malwarebytes
    2011-04-13 18:09 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-13 18:09 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-13 18:09 . 2011-04-13 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2011-04-13 18:08 . 2011-04-13 18:08 -------- d-----w- C:\apps
    2011-04-13 17:56 . 2011-04-13 17:56 -------- d-----w- c:\documents and settings\mlmsadmin\Local Settings\Application Data\Mozilla
    2011-04-13 17:45 . 2011-04-13 17:45 -------- d-----w- c:\program files\RealVNC
    2011-04-13 17:14 . 2010-02-25 20:17 13824 ----a-w- c:\windows\system32\drivers\KAPFA.sys
    2011-04-13 17:14 . 2010-02-25 20:17 135168 ----a-w- c:\windows\system32\KaseyaSP.dll
    2011-04-13 17:14 . 2011-04-13 17:14 -------- d-----w- c:\program files\Kaseya
    2011-04-11 18:57 . 2011-04-11 18:57 -------- d-----w- c:\program files\Emicsoft Studio
    2011-03-21 13:10 . 2011-03-21 13:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\CE
    2011-03-21 13:08 . 2011-01-20 19:31 246272 ----a-w- c:\windows\system32\authServer.exe
    2011-03-16 20:58 . 2011-03-16 20:58 -------- d-----w- c:\program files\OW2010
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-18 21:36 . 2010-04-06 12:48 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 21:36 . 2010-04-06 12:48 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 01:40 . 2010-05-14 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19 . 2008-04-21 19:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-20 19:38 . 2008-06-16 15:12 241912 ----a-w- c:\windows\system32\nmNsp.dll
    2011-01-20 19:38 . 2008-06-16 15:12 193272 ----a-w- c:\windows\system32\CESpy.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\tdavis\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-03 86016]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-12-02 282624]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "WebrootClientUI"="c:\program files\Webroot\Client\SpySweeperUI.EXE" [2009-08-25 435624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "KASHMSSLNK22553580818899"="c:\program files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe" [2011-01-13 323584]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1112\Scripts\Logon\0\0]
    "Script"=Q_map.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1112\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1113\Scripts\Logon\0\0]
    "Script"=Q_map.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1113\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1114\Scripts\Logon\0\0]
    "Script"=Q_map.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1114\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1115\Scripts\Logon\0\0]
    "Script"=DriveMappings.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1115\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1116\Scripts\Logon\0\0]
    "Script"=DriveMappings.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1116\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1149\Scripts\Logon\0\0]
    "Script"=Logon2010.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1162\Scripts\Logon\0\0]
    "Script"=Q_map.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1162\Scripts\Logon\1\0]
    "Script"=logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-1165\Scripts\Logon\0\0]
    "Script"=Logon2010.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3019615205-160102905-4016203181-500\Scripts\Logon\0\0]
    "Script"=Logon2010.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAMSSLNK22553580818899]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2008-10-24 13:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 13:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2007-06-08 22:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AllAlertsDisabled"=dword:00000001
    "TermService"=dword:00000001
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 ssfs0bbc;Spy Sweeper File System Filter Driver: 0BBC;c:\windows\system32\drivers\ssfs0bbc.sys [8/25/2009 9:50 AM 30136]
    R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440]
    R2 KAMSSLNK22553580818899;Kaseya Agent;c:\program files\Kaseya\MSSLNK22553580818899\AgentMon.exe [4/13/2011 1:14 PM 737280]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 10:11 AM 374152]
    R2 PPUpdateManager;Parent Pager Update Manager 2323;c:\program files\Acink Corp\Parent Pager\PPUM.2323.exe [5/5/2010 11:23 AM 446464]
    R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [4/13/2011 1:14 PM 13824]
    S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [3/21/2011 9:08 AM 246272]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2010 11:37 AM 136176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
    S2 openexec;OpenBase Service;c:\openbase\bin\openexec.exe [7/1/2009 2:01 PM 731853]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/13/2011 2:09 PM 38224]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/13/2008 3:33 PM 42112]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2011-04-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-12 07:10]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 05:17]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 05:17]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149Core.job
    - c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 15:57]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149UA.job
    - c:\documents and settings\tdavis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 15:57]
    .
    2011-04-11 c:\windows\Tasks\prismShakeIcon.job
    - c:\program files\NCH Software\Prism\prism.exe [2010-11-03 15:25]
    .
    2011-04-14 c:\windows\Tasks\Windows Backup of MyDocs.job
    - c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell.com
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: CESpy.dll
    TCP: {9BD9336D-DE2F-450A-BBC8-88F48A31533E} = 192.168.1.15
    FF - ProfilePath - c:\documents and settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.icontact.com/
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\tdavis\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-nwiz - nwiz.exe
    Notify-NavLogon - (no file)
    MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\tdavis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 16:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\openexec]
    "ImagePath"="c:\\OpenBase/bin/openexec.exe"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\Software\SecuROM\License information*]
    "datasecu"=hex:28,20,5c,ea,a8,eb,59,e0,dc,b8,96,d5,bb,f7,93,0d,ab,91,d3,28,91,
    60,b2,21,59,b7,b1,25,db,65,75,b7,66,67,c1,44,57,f9,89,77,86,a8,7d,d7,71,20,\
    "rkeysecu"=hex:7e,3b,e5,b8,79,7c,cb,46,4d,c4,ec,3e,99,85,fe,49
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(652)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\CESpy.dll
    .
    - - - - - - - > 'lsass.exe'(708)
    c:\windows\system32\CESpy.dll
    c:\windows\System32\nmNsp.dll
    .
    Completion time: 2011-04-14 16:31:58
    ComboFix-quarantined-files.txt 2011-04-14 20:31
    .
    Pre-Run: 94,304,645,120 bytes free
    Post-Run: 94,342,004,736 bytes free
    .
    - - End Of File - - E7913A850A85ACB81D54BCCB5C323151
     
  9. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    I don't see much there.

    Restart computer in Safe Mode with Networking and see if you can connect there.
     
  10. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Unfortunately it's the same. I can ping out and access the network fine, but no internet.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Do other computers connect fine?
     
     
  12. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Yes - nine other machines on the network all functioning fine. I was using a co-worker's computer to download the programs you posted, then transfer them to my computer via flash drive. Even our wireless is working - I made some replies to you on my iPhone. Up until three days ago, my machine had been running fine, too - no glaring signs of something going wrong.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Try some basic steps...

    Make sure your computer is set to obtain an IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
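A small triage script, added here as an example (it is not part of the thread and not one of the tools named above), that tests the layers the reset steps target in order: ICMP to an IP, a TCP connection to that IP with no name lookup, DNS resolution, then an HTTP fetch through the system proxy settings. The first failing layer is mapped to the matching step; the hostname and IP literal are supplied by the operator (example.com is only a default).

```python
"""Layered connectivity triage for the "ping works, browsers do not" symptom.

Order of checks: raw IP reachability (ICMP), TCP by IP address (no DNS
involved), name resolution, and an HTTP GET through the system proxy settings.
The lowest failing layer points at which reset step is the relevant one.
"""
import platform
import socket
import subprocess
import sys
import urllib.request
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProbeResults:
    icmp_ok: bool   # ICMP echo to an IP address got a reply
    tcp_ok: bool    # TCP connect to an IP address (no DNS involved) succeeded
    dns_ok: bool    # the hostname resolved to at least one address
    http_ok: bool   # an HTTP GET via the system's proxy settings succeeded


def classify(r: ProbeResults) -> str:
    """Map the lowest failing layer to the corresponding repair step."""
    if not r.icmp_ok:
        return ("no IP connectivity: check cable/adapter and the DHCP lease "
                "(ipconfig /release, ipconfig /renew)")
    if not r.tcp_ok:
        return ("IP reachable but TCP sessions fail: suspect the Winsock catalog/LSP "
                "or a host firewall (netsh winsock reset catalog, netsh int ip reset)")
    if not r.dns_ok:
        return ("TCP works but names do not resolve: DNS client "
                "(ipconfig /flushdns, ipconfig /registerdns, restart the dns client)")
    if not r.http_ok:
        return "TCP and DNS work but HTTP fails: check proxy settings and web filtering software"
    return "all layers OK"


def ping(ip: str, timeout_s: int = 3) -> bool:
    """One ICMP echo request via the OS ping tool (Windows uses -n/-w, others -c/-W)."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    try:
        return subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 2).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def tcp_connect(ip: str, port: int, timeout_s: float = 3.0) -> bool:
    """TCP handshake to ip:port; an IP literal means no DNS lookup takes place."""
    try:
        with socket.create_connection((ip, port), timeout=timeout_s):
            return True
    except OSError:
        return False


def resolve(host: str) -> Optional[str]:
    """Return the first IPv4 address for host, or None if resolution fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def http_get(url: str, timeout_s: float = 5.0) -> bool:
    """HTTP GET honouring the system proxy configuration (urllib picks it up by default)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout_s) as resp:
            return 200 <= resp.status < 400
    except Exception:
        return False


def run_probes(host: str, ip: str) -> ProbeResults:
    """Probe every layer against a hostname and a known IP literal for that host."""
    return ProbeResults(
        icmp_ok=ping(ip),
        tcp_ok=tcp_connect(ip, 80) or tcp_connect(ip, 443),
        dns_ok=resolve(host) is not None,
        http_ok=http_get(f"http://{host}/"),
    )


if __name__ == "__main__":
    # Usage: python triage.py <hostname> <ip-of-that-host>
    # The IP is passed explicitly so TCP can be tested independently of DNS.
    target_host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    target_ip = sys.argv[2] if len(sys.argv) > 2 else resolve(target_host)
    if target_ip is None:
        sys.exit("name resolution failed; rerun with an IP literal as the second argument")
    results = run_probes(target_host, target_ip)
    print(results)
    print(classify(results))
```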
     
  14. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Thanks. Will work on that today and get back with you.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    OK..................
     
  16. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Well......

    Was finally able to try all of these things, but still the same issue. Our offsite system guy says he wants to take my machine in for a "thorough cleaning on the bench". Is there anything else we should try before I have him do that?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    OTL log, part 1

    OTL logfile created on: 4/19/2011 9:13:45 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = \\faclex2\users\tdavis\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 69.60 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive E: | 1.97 Gb Total Space | 1.50 Gb Free Space | 76.32% Space Free | Partition Type: FAT
    Drive P: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive S: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive Y: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive Z: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS

    Computer Name: TIM | User Name: tdavis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
    PRC - [2011/04/13 13:45:07 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    PRC - [2011/01/20 15:31:28 | 000,246,272 | ---- | M] () -- C:\WINDOWS\system32\authServer.exe
    PRC - [2011/01/13 14:45:46 | 000,737,280 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe
    PRC - [2011/01/13 14:39:50 | 000,323,584 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe
    PRC - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/10/16 15:02:45 | 000,446,464 | ---- | M] (Acink Corp) -- C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/08/25 09:52:54 | 000,435,624 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\SpySweeperUI.exe
    PRC - [2009/08/25 09:52:52 | 000,715,176 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Client\CommAgent.exe
    PRC - [2009/08/25 09:51:08 | 000,166,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Client\SSU.EXE
    PRC - [2009/08/25 09:51:06 | 004,110,352 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Client\SPYSWEEPER.EXE
    PRC - [2008/11/06 09:46:05 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
    PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/06/10 04:29:45 | 000,674,770 | ---- | M] () -- C:\OpenBase\bin\openinfo.exe
    PRC - [2008/06/10 04:29:34 | 000,731,853 | ---- | M] () -- C:\OpenBase\bin\openexec.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/02 13:51:10 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
    MOD - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
    MOD - [2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
    MOD - [2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
    MOD - [2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
    MOD - [2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
    MOD - [2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - [2011/04/13 13:45:07 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
    SRV - [2011/01/20 15:31:28 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\authServer.exe -- (Auth Service)
    SRV - [2011/01/13 14:45:46 | 000,737,280 | ---- | M] (Kaseya International Limited) [Auto | Running] -- C:\Program Files\Kaseya\MSSLNK22553580818899\AgentMon.exe -- (KAMSSLNK22553580818899)
    SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
    SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/16 15:02:45 | 000,446,464 | ---- | M] (Acink Corp) [Auto | Running] -- C:\Program Files\Acink Corp\Parent Pager\PPUM.2323.exe -- (PPUpdateManager)
    SRV - [2009/12/17 18:08:58 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/08/25 09:52:52 | 000,715,176 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Client\CommAgent.exe -- (WebrootCommAgentService)
    SRV - [2009/08/25 09:51:06 | 004,110,352 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [On_Demand | Running] -- C:\Program Files\Webroot\Client\spysweeper.exe -- (WebrootSpySweeperService)
    SRV - [2008/12/10 15:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2008/11/06 09:46:05 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
    SRV - [2008/06/10 04:29:34 | 000,731,853 | ---- | M] () [Auto | Running] -- C:\\OpenBase/bin/openexec.exe -- (openexec)
    SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/02/25 16:17:16 | 000,013,824 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)
    DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
    DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/08/25 09:51:06 | 000,023,424 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (sshrmd)
    DRV - [2009/08/25 09:50:46 | 000,177,896 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (ssidrv)
    DRV - [2009/08/25 09:50:42 | 000,030,136 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BBC.SYS -- (ssfs0bbc)
    DRV - [2009/04/15 03:04:36 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/12/02 13:51:06 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/02/25 22:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2006/08/14 03:30:02 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.icontact.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/25 15:21:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/17 17:09:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/27 13:01:59 | 000,000,000 | ---D | M]

    [2009/02/20 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Extensions
    [2009/02/20 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/04/07 16:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions
    [2010/05/13 11:29:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/12 15:41:00 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\tdavis\Application Data\Mozilla\Firefox\Profiles\qv46ad0s.default\extensions\LogMeInClient@logmein.com
    [2011/04/19 13:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/14 14:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/14 14:55:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/14 14:57:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/14 15:59:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/15 09:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/03/18 15:54:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\TDAVIS\APPLICATION DATA\MOVE NETWORKS
    [2010/05/14 14:55:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/04/19 09:42:07 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [KASHMSSLNK22553580818899] C:\Program Files\Kaseya\MSSLNK22553580818899\KaUsrTsk.exe (Kaseya International Limited)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WebrootClientUI] C:\Program Files\Webroot\Client\SpySweeperUI.EXE (Webroot Software, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
    O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nmNsp.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O15 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3019615205-160102905-4016203181-1149\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209155705967 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} http://192.168.1.113/program/SonySncRz25View.cab (Sony SNC-RZ25 Control)
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://managed.missinglinklex.com/inc/kaxRemote.dll (kasRmtHlp Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.15
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = faclex.local
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\tdavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\tdavis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/19 21:13:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
    [2011/04/18 18:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
    [2011/04/15 10:57:03 | 000,000,000 | ---D | C] -- C:\logs
    [2011/04/15 03:05:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/04/14 16:43:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/14 16:17:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/14 16:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/14 16:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/14 16:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/14 16:02:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/14 16:02:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/14 09:08:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tdavis\Recent
    [2011/04/13 14:26:38 | 000,000,000 | ---D | C] -- C:\CCleaner
    [2011/04/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tdavis\Application Data\Malwarebytes
    [2011/04/13 14:09:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/13 14:09:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/13 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/04/13 14:08:38 | 000,000,000 | ---D | C] -- C:\apps
    [2011/04/13 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
    [2011/04/13 13:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaseya
    [2011/04/13 13:14:39 | 000,135,168 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\KaseyaSP.dll
    [2011/04/13 13:14:39 | 000,013,824 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KAPFA.sys
    [2011/04/13 13:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaseya
    [2011/04/13 13:13:27 | 001,410,007 | ---- | C] (Kaseya) -- \\faclex2\users\tdavis\My Documents\KcsSetup.exe
    [2011/04/13 13:12:43 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\My Documents\Downloads
    [2011/04/11 14:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Emicsoft Studio
    [2011/04/05 16:34:27 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\Desktop\Dist Conf videos
    [2011/03/29 16:58:50 | 000,000,000 | ---D | C] -- \\faclex2\users\tdavis\Desktop\Dawn Treader Wing Clips
    [2011/03/23 09:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit PDF Editor
    [2011/03/21 09:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\CE

    ========== Files - Modified Within 30 Days ==========

    [2011/04/19 20:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/19 20:27:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149UA.job
    [2011/04/19 20:03:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- \\faclex2\users\tdavis\Desktop\OTL.exe
    [2011/04/19 14:35:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/04/19 14:03:51 | 000,006,058 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\PrimoPDFSet.xml
    [2011/04/19 14:03:47 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\APUSet.xml
    [2011/04/19 09:55:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/04/19 09:55:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/19 09:55:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/19 09:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/19 09:54:42 | 000,707,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/19 09:52:07 | 007,348,224 | ---- | M] () -- C:\WINDOWS\sectest.db
    [2011/04/19 09:42:07 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2011/04/19 03:38:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\tasks\Windows Backup of MyDocs.job
    [2011/04/19 03:27:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3019615205-160102905-4016203181-1149Core.job
    [2011/04/18 18:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/18 14:48:20 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\tdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/18 14:44:52 | 000,013,312 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\yard sign labels.ppp
    [2011/04/16 16:37:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/04/16 16:37:56 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/16 16:37:56 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/15 17:36:17 | 000,010,240 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\ped labels.ppp
    [2011/04/15 14:31:43 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2011/04/15 03:08:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/14 09:18:17 | 000,008,300 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2011/04/13 13:12:44 | 001,410,007 | ---- | M] (Kaseya) -- \\faclex2\users\tdavis\My Documents\KcsSetup.exe
    [2011/04/12 14:12:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/04/07 13:03:10 | 008,662,528 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Publication1.ppp
    [2011/04/05 19:44:40 | 002,903,622 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\david rambo.amr
    [2011/03/29 15:25:50 | 000,042,602 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\print on 11x17 poster.pdf
    [2011/03/29 14:43:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/03/29 14:43:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/03/29 14:07:00 | 083,129,892 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - QT.zip
    [2011/03/29 14:06:38 | 059,558,790 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - WMV.zip
    [2011/03/29 10:40:50 | 000,493,200 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\banner website.pdf
    [2011/03/28 11:29:32 | 001,220,175 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\2011-04-24 2's Class.pdf
    [2011/03/25 12:11:28 | 000,179,920 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\WSC3 half sheet for FCPS.PDF
    [2011/03/24 09:36:45 | 000,001,204 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
    [2011/03/22 15:53:32 | 000,062,651 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\banner phone number.pdf
    [2011/03/22 14:14:08 | 000,098,207 | ---- | M] () -- \\faclex2\users\tdavis\Desktop\3x6 small.jpg

    ========== Files Created - No Company Name ==========

    [2011/04/19 09:49:54 | 007,348,224 | ---- | C] () -- C:\WINDOWS\sectest.db
    [2011/04/18 14:44:52 | 000,013,312 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\yard sign labels.ppp
    [2011/04/15 17:36:17 | 000,010,240 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\ped labels.ppp
    [2011/04/15 14:31:43 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2011/04/15 03:00:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/04/14 16:17:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/14 16:17:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/14 16:17:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/14 16:17:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/14 16:17:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/13 14:09:18 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/13 08:46:49 | 002,903,622 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\david rambo.amr
    [2011/04/07 13:02:44 | 008,662,528 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Publication1.ppp
    [2011/03/29 15:25:32 | 000,042,602 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\print on 11x17 poster.pdf
    [2011/03/29 14:02:48 | 059,558,790 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - WMV.zip
    [2011/03/29 14:02:01 | 083,129,892 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\Wing Clips - Dawn Treader - QT.zip
    [2011/03/29 10:40:37 | 000,493,200 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\banner website.pdf
    [2011/03/28 11:30:33 | 001,220,175 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\2011-04-24 2's Class.pdf
    [2011/03/22 15:53:32 | 000,062,651 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\banner phone number.pdf
    [2011/03/22 14:14:08 | 000,098,207 | ---- | C] () -- \\faclex2\users\tdavis\Desktop\3x6 small.jpg
    [2011/03/21 09:08:03 | 000,246,272 | ---- | C] () -- C:\WINDOWS\System32\authServer.exe
    [2011/02/03 16:29:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2010/12/14 15:28:55 | 000,047,104 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe
    [2010/09/14 09:06:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCRZ25.ini
    [2010/06/17 20:23:59 | 000,001,438 | ---- | C] () -- C:\WINDOWS\LMAAV2DD.ini
    [2010/06/17 18:36:31 | 000,008,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2010/05/19 11:55:39 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/05/14 08:59:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/05/03 16:20:40 | 000,175,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/18 13:38:14 | 000,038,456 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Comma Separated Values (Windows).ADR
    [2009/04/03 12:17:53 | 000,038,443 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft Excel.ADR
    [2009/04/03 12:02:11 | 000,007,604 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Tab Separated Values (Windows).EML
    [2009/02/04 16:04:27 | 000,001,928 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
    [2009/01/15 17:21:27 | 000,000,079 | ---- | C] () -- C:\WINDOWS\fsplugin.ini
    [2008/11/13 11:44:42 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
    [2008/11/12 14:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2008/11/11 11:49:03 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
    [2008/11/06 09:46:05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
    [2008/06/25 15:21:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/06/25 10:48:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/16 11:12:08 | 000,241,912 | ---- | C] () -- C:\WINDOWS\System32\nmNsp.dll
    [2008/06/16 11:12:08 | 000,193,272 | ---- | C] () -- C:\WINDOWS\System32\CESpy.dll
    [2008/05/09 08:34:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/05/02 13:12:00 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\APUSet.xml
    [2008/05/02 13:11:59 | 000,006,058 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\PrimoPDFSet.xml
    [2008/04/28 14:53:37 | 000,023,518 | ---- | C] () -- C:\Documents and Settings\tdavis\Application Data\Tab Separated Values (Windows).ADR
    [2008/04/25 16:29:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/04/25 16:00:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2008/04/24 22:37:23 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\tdavis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/23 08:11:35 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
    [2008/04/23 08:11:35 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/04/23 08:11:35 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
    [2008/04/23 08:11:35 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
    [2008/04/23 08:11:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/04/23 08:11:34 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
    [2008/04/22 08:33:23 | 000,001,291 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/04/21 15:49:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2008/04/21 15:45:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/04/21 15:26:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/04/10 12:52:08 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/04/10 12:52:06 | 003,143,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2008/04/10 12:52:06 | 000,568,320 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2008/04/10 12:52:06 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2008/04/10 12:52:06 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2008/04/10 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2008/04/10 12:52:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2008/04/10 12:52:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2008/04/10 12:52:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2008/04/10 12:52:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2008/04/10 12:52:06 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2008/04/10 12:52:06 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2008/04/10 12:52:06 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2008/04/10 12:52:06 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2008/04/10 12:52:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2008/04/10 12:50:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/03/29 11:42:22 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2008/03/29 11:42:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/03/29 11:42:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2008/03/29 11:42:08 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2008/03/29 11:42:04 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2008/03/29 11:42:04 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2008/03/29 11:42:02 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2008/03/29 11:42:02 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2008/03/29 11:42:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2008/03/29 11:42:00 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2008/03/29 11:41:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2008/03/29 11:41:54 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2008/03/29 11:41:52 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2008/03/29 11:41:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2008/03/21 16:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/03/14 23:18:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/03/14 23:16:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/14 22:58:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2008/03/14 22:58:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/03/14 22:58:55 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2008/03/14 22:58:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/03/14 22:57:45 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2007/12/31 20:00:00 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2007/12/31 20:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2007/12/31 20:00:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2007/06/28 14:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/06/07 18:10:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2007/04/13 13:36:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
    [2007/04/13 13:36:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
    [2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 18:06:43 | 000,707,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 18:00:28 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 18:00:28 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
     
  19. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    OTL log, part 2:


    ========== LOP Check ==========

    [2011/04/12 15:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.FACLEX\Application Data\CE
    [2009/06/02 10:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.FACLEX\Application Data\HotSync
    [2010/06/23 11:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2011/04/13 14:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/12/17 23:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/12/27 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2008/11/11 14:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2011/04/19 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/12/14 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2010/12/15 10:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/17 08:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/06 08:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/15 09:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/07 09:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/03/21 09:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CE
    [2010/06/17 09:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jelliott\Application Data\CE
    [2010/06/14 11:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jrowland\Application Data\CE
    [2010/04/25 08:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kids\Application Data\CE
    [2011/03/21 09:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CE
    [2010/12/27 14:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Flip Video
    [2010/06/17 09:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mberry\Application Data\CE
    [2011/04/13 13:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mlmsadmin\Application Data\CE
    [2010/07/26 09:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\CE
    [2011/04/18 18:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
    [2010/06/14 10:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scook\Application Data\CE
    [2011/03/18 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Audacity
    [2010/12/28 14:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\avidemux
    [2011/04/07 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\CE
    [2011/04/12 14:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Dropbox
    [2009/09/15 15:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FileZilla
    [2008/08/14 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FinalBurner AudioCD Ripper
    [2008/04/24 23:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\FinalBurner Video DVD
    [2011/02/06 13:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Flip Video
    [2010/10/15 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\HamsterSoft
    [2010/12/14 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\jah
    [2008/11/11 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Leadertech
    [2009/01/20 21:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Moyea
    [2009/12/17 23:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\No Company Name
    [2008/08/27 12:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Serif
    [2011/02/17 16:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdavis\Application Data\Suran
    [2011/04/15 14:31:43 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
    [2011/04/19 03:38:57 | 000,000,806 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Backup of MyDocs.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/04/06 17:06:40 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/02/26 16:20:07 | 004,761,600 | ---- | M] () -- C:\7puj14uc.iso
    [2009/12/17 23:22:17 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2009/01/20 13:42:04 | 000,002,625 | -HS- | M] () -- C:\AlbumArtSmall.jpg
    [2009/01/20 13:42:06 | 000,010,856 | -HS- | M] () -- C:\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Large.jpg
    [2009/01/20 13:42:04 | 000,002,625 | -HS- | M] () -- C:\AlbumArt_{C8244E50-308F-44BA-9D8A-EA5F31B2EE7A}_Small.jpg
    [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/04/21 14:55:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2010/03/31 10:15:23 | 000,158,030 | ---- | M] () -- C:\cc_20100331_101448.reg
    [2011/04/19 21:13:46 | 003,157,238 | ---- | M] () -- C:\ceProcesses.txt
    [2011/04/14 16:31:59 | 000,019,846 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/04/19 09:53:11 | 000,000,420 | ---- | M] () -- C:\DAF-interface-resetlog.txt
    [2008/03/14 22:59:22 | 000,006,287 | RH-- | M] () -- C:\dell.sdr
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2009/01/20 13:42:06 | 000,010,856 | -HS- | M] () -- C:\Folder.jpg
    [2010/08/23 15:04:53 | 000,000,000 | ---- | M] () -- C:\foo.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2008/04/25 15:59:51 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/08/23 09:21:52 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2011/04/15 11:27:34 | 000,013,950 | ---- | M] () -- C:\lxeccomx.log
    [2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/28 16:25:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/19 09:54:41 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/14 16:11:00 | 000,005,379 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt
    [2008/05/06 08:57:04 | 000,150,192 | ---- | M] () -- C:\TweakUiPowertoySetup.exe
    [2006/12/05 19:52:06 | 000,000,505 | ---- | M] () -- C:\unPDVDDX.iss
    [2008/09/18 16:55:34 | 000,000,086 | ---- | M] () -- C:\unPDVDDX.log
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/01/28 04:15:04 | 000,026,624 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMAATB4C.DLL
    [2007/01/25 10:30:36 | 000,053,248 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMABKC4C.DLL
    [2010/12/08 14:11:52 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/05/28 16:28:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/05/28 17:18:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\tdavis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/05/28 17:18:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\tdavis\Favorites\Desktop.ini
    [2010/11/03 11:25:16 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\tdavis\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/06/17 18:36:57 | 000,000,630 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/19 21:05:41 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\tdavis\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 4
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "NoAutoRebootWithLoggedOnUsers" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-15 07:10:19


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C

    < End of report >
     
  20. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Extras log:

    OTL Extras logfile created on: 4/19/2011 9:13:45 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = \\faclex2\users\tdavis\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 69.60 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive E: | 1.97 Gb Total Space | 1.50 Gb Free Space | 76.32% Space Free | Partition Type: FAT
    Drive P: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive S: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive Y: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS
    Drive Z: | 931.00 Gb Total Space | 501.48 Gb Free Space | 53.87% Space Free | Partition Type: NTFS

    Computer Name: TIM | User Name: tdavis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AllAlertsDisabled" = 1
    "TermService" = 1
    "DisableMonitoring" = 1
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
    "{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.2.0.132
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D4B689-722A-413B-BC6E-8ACA8C1E8636}" = Foxit Reader
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}" = StuffIt Expander 2009
    "{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
    "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B4174E8-FE92-4269-808A-3B8D116D9538}" = Advanced Security for Outlook
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.2 build 1259
    "{A816264A-698B-49A3-BE87-E13886DD6C61}" = Webroot® Client
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}" = Serif PagePlus 9.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C39E84D2-0AE6-4692-9D05-63085B7CF8B1}" = CDM+ 9.0
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
    "Applian FLV Player2.0.24" = Applian FLV Player
    "Audacity 1.3 Beta_is1" = Audacity 1.3.12
    "Audacity_is1" = Audacity 1.2.6
    "Avidemux 2.5" = Avidemux 2.5
    "CCleaner" = CCleaner (remove only)
    "Countdown Creator_is1" = Countdown Creator 2.0
    "DivX Setup.divx.com" = DivX Setup
    "DVDStyler_is1" = DVDStyler v1.7.4
    "EncFlac" = EncFlac 1.1.2
    "Foxit PDF Editor" = Foxit PDF Editor
    "Google Calendar Sync" = Google Calendar Sync
    "Google Updater" = Google Updater
    "Graph paper printer" = Graph paper printer
    "KAMSSLNK22553580818899" = Kaseya Agent (tim.root.first_alliance_church - agent.missinglinklex.com)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Lexmark_HostCD" = Lexmark Software Uninstall
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player - Codec Pack" = Media Player Codec Pack 3.1.0
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
    "mpegable DS" = mpegable DS decoder
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenLibraries" = OpenLibraries
    "OW2010DVD" = OW Professional Edition
    "Parent Pager" = Parent Pager
    "Plato DVD Ripper Professional_is1" = Plato DVD Ripper Professional 6.66.14
    "PrimoPDF4.0.1" = PrimoPDF
    "Prism" = Prism Video File Converter
    "RealPlayer 6.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "Super Video Converter_is1" = Super Video Converter 5.8
    "Tweak UI 2.10" = Tweak UI
    "Video Edit Magic 4_is1" = Video Edit Magic 4.4
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3019615205-160102905-4016203181-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/19/2011 7:15:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
    Description =

    Error - 4/19/2011 7:35:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
    Description =

    Error - 4/19/2011 8:10:42 PM | Computer Name = TIM | Source = Userenv | ID = 1006
    Description = Windows cannot bind to faclex.local domain. (Timeout). Group Policy
    processing aborted.

    Error - 4/19/2011 8:10:42 PM | Computer Name = TIM | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 4/19/2011 8:15:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
    Description =

    Error - 4/19/2011 8:35:45 PM | Computer Name = TIM | Source = Google Update | ID = 1
    Description =

    Error - 4/19/2011 8:53:03 PM | Computer Name = TIM | Source = Userenv | ID = 1006
    Description = Windows cannot bind to faclex.local domain. (Timeout). Group Policy
    processing aborted.

    Error - 4/19/2011 8:53:03 PM | Computer Name = TIM | Source = Userenv | ID = 1030
    Description = Windows cannot query for the list of Group Policy objects. A message
    that describes the reason for this was previously logged by the policy engine.

    Error - 4/19/2011 8:55:32 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/19/2011 8:55:53 PM | Computer Name = TIM | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    nmsvc.dll, version 0.0.0.0, fault address 0x000139df.

    [ System Events ]
    Error - 4/19/2011 9:55:51 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 4/19/2011 9:56:21 AM | Computer Name = TIM | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 4/19/2011 9:56:21 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 4/19/2011 9:56:51 AM | Computer Name = TIM | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 4/19/2011 10:00:37 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 4/19/2011 10:01:07 AM | Computer Name = TIM | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 4/19/2011 10:04:52 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7023
    Description = The Background Intelligent Transfer Service service terminated with
    the following error: %%2

    Error - 4/19/2011 10:05:22 AM | Computer Name = TIM | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 4/19/2011 9:11:35 PM | Computer Name = TIM | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Generic Flash
    Disk USB Device.

    Error - 4/19/2011 9:11:35 PM | Computer Name = TIM | Source = Removable Storage Service | ID = 262255
    Description = RSM could not load media in drive Drive 0 of library Generic Flash
    Disk USB Device.


    < End of report >
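Added example, not code from the thread, from OTL or from Microsoft: a small auditor for the XP firewall GloballyOpenPorts values that the Firewall Settings section of the report lists. Each value has the shape `<port>:<proto>:<scope>:<Enabled|Disabled>:<display name>`, where the display name is a resource reference beginning with `@` (forum software tends to mangle `:@` into a smiley code). The stock File and Printer Sharing exceptions are 137/138 UDP and 139/445 TCP with names from xpsp2res.dll; anything else that is enabled deserves a look, because malware that opens a listener often registers itself here. The sample dump below is constructed: it copies the entries from the log and adds one invented entry (`6666:TCP ... svchost`) purely so the check has something to flag; that entry is not on the poster's machine.

```python
"""Audit the Windows XP firewall GloballyOpenPorts list from a registry dump.

Added example; not code from the thread, from OTL or from Microsoft.
Parses values of the form
    "<port>:<proto>" = <port>:<proto>:<scope>:<Enabled|Disabled>:<display name>
and flags enabled exceptions that are not the stock File and Printer Sharing
entries (137/138 UDP, 139/445 TCP named via xpsp2res.dll).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the entries as they appear in the log, plus one invented
# entry ("6666:TCP ... svchost") so the report has something to flag. The
# invented entry is NOT on the poster's machine; it only exercises the check.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"6666:TCP" = 6666:TCP:*:Enabled:svchost
"""

STOCK_SHARING = {("137", "UDP"), ("138", "UDP"), ("139", "TCP"), ("445", "TCP")}

KEY_RE = re.compile(r"^\[.*\\FirewallPolicy\\(\w+Profile)\\GloballyOpenPorts\\List\]$")
VALUE_RE = re.compile(r'^"[^"]+"\s*=\s*(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')


@dataclass
class OpenPort:
    profile: str   # DomainProfile or StandardProfile
    port: str
    proto: str
    scope: str     # "*" (any source address) or "LocalSubNet"
    enabled: bool
    name: str      # display-name resource, e.g. @xpsp2res.dll,-22004

    def is_stock_sharing(self) -> bool:
        """True for the four File and Printer Sharing exceptions XP creates itself."""
        return (self.port, self.proto) in STOCK_SHARING and self.name.startswith("@xpsp2res.dll")


def parse_open_ports(dump: str) -> list[OpenPort]:
    """Walk the dump line by line, remembering which profile's List key is current."""
    entries: list[OpenPort] = []
    profile = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            profile = m.group(1) if m else None   # keys that are not a GloballyOpenPorts list are ignored
            continue
        m = VALUE_RE.match(line)
        if m and profile:
            port, proto, scope, state, name = m.groups()
            entries.append(OpenPort(profile, port, proto, scope, state == "Enabled", name))
    return entries


def non_stock_exceptions(entries: list[OpenPort]) -> list[OpenPort]:
    """Enabled exceptions that are not the standard sharing ports: review these by hand."""
    return [e for e in entries if e.enabled and not e.is_stock_sharing()]


def any_address_exceptions(entries: list[OpenPort]) -> list[OpenPort]:
    """Exceptions open to every source address rather than LocalSubNet.
    The log shows the stock entries look like this on the Domain profile,
    so this is a review item, not by itself evidence of tampering."""
    return [e for e in entries if e.enabled and e.scope == "*"]


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_DUMP)
    for e in non_stock_exceptions(found):
        print(f"REVIEW {e.profile}: {e.port}/{e.proto} scope={e.scope} name={e.name}")
    for e in any_address_exceptions(found):
        print(f"any-address {e.profile}: {e.port}/{e.proto}")
```

Run it against the Firewall Settings block of a real OTL report (paste the block in place of the sample) and compare the REVIEW lines with what the machine is supposed to serve; an unknown port with a generic name such as svchost and scope `*` is the pattern worth chasing. The scope report is informational: the log above shows the Domain profile's own sharing entries at `*`, which is what a domain-joined XP box typically carries.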
     
  21. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    I'd like to see one more log....

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  22. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    MiniToolBox by Farbar
    Ran by tdavis (administrator) at 2011-04-20 20:06:29
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Tim

    Primary Dns Suffix . . . . . . . : faclex.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : faclex.local

    faclex.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : faclex.local

    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

    Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.137

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.15

    DNS Servers . . . . . . . . . . . : 192.168.1.15

    Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM

    Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM



    Pinging google.com [74.125.225.16] with 32 bytes of data:



    Reply from 74.125.225.16: bytes=32 time=137ms TTL=53

    Reply from 74.125.225.16: bytes=32 time=138ms TTL=53



    Ping statistics for 74.125.225.16:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 137ms, Maximum = 138ms, Average = 137ms



    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



    Reply from 209.191.122.70: bytes=32 time=492ms TTL=48

    Reply from 209.191.122.70: bytes=32 time=406ms TTL=48



    Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 406ms, Maximum = 492ms, Average = 449ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 1d 09 23 83 2f ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.137 10
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 192.168.1.137 192.168.1.137 20
    192.168.1.0 255.255.255.0 192.168.1.137 192.168.1.137 10
    192.168.1.137 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.1.255 255.255.255.255 192.168.1.137 192.168.1.137 10
    224.0.0.0 240.0.0.0 192.168.1.137 192.168.1.137 10
    255.255.255.255 255.255.255.255 192.168.1.137 192.168.1.137 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Tim

    Primary Dns Suffix . . . . . . . : faclex.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : faclex.local

    faclex.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : faclex.local

    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

    Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.27

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.15

    DNS Servers . . . . . . . . . . . : 192.168.1.15

    Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:54:45 AM

    Lease Expires . . . . . . . . . . : Thursday, April 21, 2011 9:54:45 AM


    ================= End of IP Configuration =================================

    ========================= Memory info: ====================================

    Percentage of memory in use: 33%
    Total physical RAM: 1981.85 MB
    Available physical RAM: 1310.98 MB
    Total Pagefile: 5920.88 MB
    Available Pagefile: 5273.62 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2007.26 MB

    ======================= Partitions: =======================================

    1 Drive c: () (Fixed) (Total:148.96 GB) (Free:69.38 GB) NTFS
    3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.49 GB) FAT
    4 Drive p: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    5 Drive s: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    6 Drive y: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    7 Drive z: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS

    ================= Users: ==================================================
    ================= End of Users ============================================
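Added example, not part of the thread and not MiniToolBox code. The MiniToolBox output above establishes only two things: names resolve (google.com and yahoo.com came back with addresses from 192.168.1.15) and ICMP echo gets out and back. A browser needs more than that: a completed TCP handshake and a proxy setting nobody else has changed. The script below tests those layers one at a time and says which one fails, so "ping works but nothing connects" can be narrowed to DNS, TCP, or proxy before any malware tooling is run. The default targets reuse the two hosts MiniToolBox pinged; the local listener and the unused-port helper exist so the logic can be exercised offline, and the Windows proxy read uses the standard HKCU Internet Settings values (ProxyEnable, ProxyServer, AutoConfigURL) and returns None on other platforms.

```python
"""Layered connectivity check: name resolution, TCP connect, and (on Windows)
the per-user WinINET/IE proxy setting.

Added example, not part of the thread and not MiniToolBox code. MiniToolBox's
ping output shows only that names resolve and ICMP works; a browser also needs
a TCP handshake and an un-hijacked proxy setting. Each layer is tested alone.
"""
from __future__ import annotations

import socket
import sys

PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def resolve(host: str) -> str | None:
    """First IPv4 address for host, or None if resolution fails."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def tcp_connect(ip: str, port: int, timeout: float = 3.0) -> str:
    """'ok', 'refused', 'timeout' or 'error:<errno>' for a TCP handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
        except ConnectionRefusedError:
            return "refused"      # host reachable, nothing listening (or a filter sent RST)
        except socket.timeout:
            return "timeout"      # SYN silently dropped: firewall, LSP or driver suspect
        except OSError as e:
            return f"error:{e.errno}"
        return "ok"


def check(host: str, port: int, timeout: float = 3.0) -> dict:
    """Combine the layers; a browser needs every field to come back clean."""
    ip = resolve(host)
    if ip is None:
        return {"host": host, "port": port, "dns": None, "tcp": "skipped"}
    return {"host": host, "port": port, "dns": ip, "tcp": tcp_connect(ip, port, timeout)}


def ie_proxy_settings() -> dict | None:
    """ProxyEnable / ProxyServer / AutoConfigURL from HKCU (Windows only).
    Returns None elsewhere. A ProxyServer or AutoConfigURL the user never set
    is a classic reason browsers fail while ping succeeds."""
    if sys.platform != "win32":
        return None
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                out[name] = None
    return out


def local_listener() -> tuple[socket.socket, int]:
    """Throwaway listener on 127.0.0.1 so the check can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def unused_port() -> int:
    """A 127.0.0.1 port with nothing listening: bind, read the number, release."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    targets = [(h, 80) for h in sys.argv[1:]] or [("google.com", 80), ("yahoo.com", 80)]
    for host, port in targets:
        print(check(host, port))
    print("IE proxy:", ie_proxy_settings())
```

Read the result per layer: `dns: None` means the resolver (192.168.1.15 in the log) is the problem; `tcp: timeout` with a good address means the SYN never completes, which on a single machine that can still ping points at the host's own firewall, a Winsock LSP, or a filter driver rather than the network; `tcp: ok` with browsers still failing moves suspicion to the proxy values, which is why Broni's next step asks for a proxy reset.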
     
  23. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Re-run MiniToolbox, but this time check these items:

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Flush DNS
    • Reset IE Proxy Settings
    • List IP configuration
    Click Go and post the result.
     
  24. timbo412

    timbo412 TS Rookie Topic Starter Posts: 16

    Here it is.

    Don't know if this is significant, but I'm noticing 2-3 times a day I'm getting a message that "nslookup APP" has closed, then it gives me the option to submit a report or not.



    MiniToolBox by Farbar
    Ran by tdavis (administrator) at 2011-04-20 20:06:29
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=static addr=192.168.1.15 register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Tim

    Primary Dns Suffix . . . . . . . : faclex.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : faclex.local

    faclex.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : faclex.local

    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

    Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.137

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.15

    DNS Servers . . . . . . . . . . . : 192.168.1.15

    Lease Obtained. . . . . . . . . . : Thursday, April 14, 2011 1:20:02 PM

    Lease Expires . . . . . . . . . . : Friday, April 15, 2011 1:20:02 PM



    Pinging google.com [74.125.225.16] with 32 bytes of data:



    Reply from 74.125.225.16: bytes=32 time=137ms TTL=53

    Reply from 74.125.225.16: bytes=32 time=138ms TTL=53



    Ping statistics for 74.125.225.16:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 137ms, Maximum = 138ms, Average = 137ms



    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



    Reply from 209.191.122.70: bytes=32 time=492ms TTL=48

    Reply from 209.191.122.70: bytes=32 time=406ms TTL=48



    Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 406ms, Maximum = 492ms, Average = 449ms



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 1d 09 23 83 2f ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.137 10
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 192.168.1.137 192.168.1.137 20
    192.168.1.0 255.255.255.0 192.168.1.137 192.168.1.137 10
    192.168.1.137 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.1.255 255.255.255.255 192.168.1.137 192.168.1.137 10
    224.0.0.0 240.0.0.0 192.168.1.137 192.168.1.137 10
    255.255.255.255 255.255.255.255 192.168.1.137 192.168.1.137 1
    Default Gateway: 192.168.1.1
    ===========================================================================
    Persistent Routes:
    None


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : Tim

    Primary Dns Suffix . . . . . . . : faclex.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : faclex.local

    faclex.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : faclex.local

    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

    Physical Address. . . . . . . . . : 00-1D-09-23-83-2F

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.1.27

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.15

    DNS Servers . . . . . . . . . . . : 192.168.1.15

    Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:54:45 AM

    Lease Expires . . . . . . . . . . : Thursday, April 21, 2011 9:54:45 AM


    ================= End of IP Configuration =================================

    ========================= Memory info: ====================================

    Percentage of memory in use: 33%
    Total physical RAM: 1981.85 MB
    Available physical RAM: 1310.98 MB
    Total Pagefile: 5920.88 MB
    Available Pagefile: 5273.62 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2007.26 MB

    ======================= Partitions: =======================================

    1 Drive c: () (Fixed) (Total:148.96 GB) (Free:69.38 GB) NTFS
    3 Drive e: (CM FLASH) (Removable) (Total:1.97 GB) (Free:1.49 GB) FAT
    4 Drive p: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    5 Drive s: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    6 Drive y: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS
    7 Drive z: (Data) (Network) (Total:931 GB) (Free:500.8 GB) NTFS

    ================= Users: ==================================================
    ================= End of Users ============================================
     
  25. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Are you familiar with faclex.local?
     
Topic Status:
Not open for further replies.

