Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

search engine redirect virus


  • This topic is locked This topic is locked
11 replies to this topic

#1 bdavidson

bdavidson

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 06 December 2009 - 10:57 PM

Hello, I am new to this forum. Thank you in advance for any help you can provide me. I have a search engine redirect virus on my computer that I cannot get rid of. I have tried MalwareBytes, AdAware, Spybot, and Spyware Doctor. I've noticed a lot of posts with a HijackThis log. I have run that and have a log that I have posted below. Please let me know how I can fix this problem!! Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:17 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.4.1739.5352\GoogleUpdaterInstallMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080605
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080605
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://visionweb.rve.com
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://remote.rve.com/CACHE/webvpn/stc/1/b...ries/stcweb.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1239205929546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1259088441375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58C2D6CB-6631-4C74-BDAC-33B87EAB9D46}: Domain = rve.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rve.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = rve.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rve.com
O18 - Filter hijack: text/html - {26123123-b153-4b13-a60c-dad6ffd25f26} - (no file)
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterPlot IMF Printer Driver Service - Unknown owner - C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 13760 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:23 PM

Posted 07 December 2009 - 08:27 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 07 December 2009 - 10:06 AM

Hi Sam, thank you so much for your help. The GMER program crashed the first time I tried to run it. I downloaded another copy and it appears to be working this time. In the meantime, here are the two OTL logs, I'll post the GMER log when it is finished:

OTL logfile created on: 12/7/2009 8:33:25 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\bdavidson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.30% Memory free
3.84 Gb Paging File | 2.76 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 29.14 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PITLTXP2BD
Current User Name: bdavidson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/07 08:32:32 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bdavidson\Desktop\OTL.exe
PRC - [2009/11/24 11:44:10 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 11:44:07 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/09/22 17:11:32 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 23:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/11/23 20:10:40 | 00,267,016 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
PRC - [2008/11/04 12:09:58 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/06/12 10:48:16 | 02,159,992 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 12:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 12:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/11/08 22:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/10/09 04:17:44 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/10/09 04:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 04:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/09/27 08:53:34 | 00,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
PRC - [2007/09/27 08:53:34 | 00,010,240 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntaskldr.exe
PRC - [2007/09/27 08:53:30 | 01,114,112 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\nlnotes.exe
PRC - [2007/09/17 11:56:08 | 00,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/09/14 10:53:16 | 00,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/13 19:37:44 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/09/13 19:37:42 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/09/10 15:34:02 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/09/10 15:33:58 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/09/10 15:33:56 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/09/10 09:55:04 | 00,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/09 21:15:12 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/09 21:15:02 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/09 21:15:00 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/09 21:15:00 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/07 17:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/06/20 14:30:18 | 00,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2007/04/23 04:12:52 | 00,336,944 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 14:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2005/11/16 15:20:58 | 00,077,824 | ---- | M] () -- C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
PRC - [2005/03/14 11:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/04 03:56:32 | 01,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/05/15 00:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/08/21 04:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2002/03/12 10:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/07 08:32:32 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bdavidson\Desktop\OTL.exe
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 22:21:52 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/24 11:44:07 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/23 20:10:40 | 00,267,016 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe -- (STCAgent)
SRV - [2008/09/19 10:38:02 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/09/19 10:37:58 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/09/19 10:37:36 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/06/12 13:54:14 | 00,074,360 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/06/12 10:48:16 | 02,159,992 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/02/22 12:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/11/08 22:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/09 04:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/09/27 08:53:34 | 00,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2007/09/13 19:37:42 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/09/13 14:31:44 | 00,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 17:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 17:39:18 | 00,486,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/11 09:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/06/20 14:30:18 | 00,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007/04/23 04:12:52 | 00,336,944 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2006/08/11 14:51:04 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2005/11/16 15:20:58 | 00,077,824 | ---- | M] () -- C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe -- (InterPlot IMF Printer Driver Service)
SRV - [2005/03/14 11:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 03:56:32 | 01,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080605
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080605
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080605
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


[2009/07/06 16:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Mozilla\Extensions
[2009/07/06 16:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: rve.com ([visionweb] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...swdir8d196a.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} https://remote.rve.com/CACHE/webvpn/stc/1/b...ries/stcweb.cab (STCWeb Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1239205929546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1259088441375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.9.210.5 192.9.200.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7210f4be-af4d-11de-94cb-001d09d9cef1}\Shell - "" = AutoRun
O33 - MountPoints2\{7210f4be-af4d-11de-94cb-001d09d9cef1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7210f4be-af4d-11de-94cb-001d09d9cef1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: msncache - File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 17:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: rdpijwhb - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (72623992850087936)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/07 08:32:21 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bdavidson\Desktop\OTL.exe
[2009/12/06 22:33:39 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/06 22:33:33 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/06 22:33:33 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/06 22:33:28 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/06 22:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/06 22:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/06 22:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bdavidson\Application Data\PC Tools
[2009/12/06 22:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/06 22:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/06 22:13:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\bdavidson\Recent
[2009/12/06 22:12:06 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/06 21:56:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/06 16:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/06 16:23:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/06 16:08:51 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/12/06 16:08:50 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/12/04 10:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bdavidson\My Documents\Any Video Converter
[2009/12/04 10:16:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bdavidson\Application Data\Any Video Converter
[2009/12/04 10:16:10 | 00,000,000 | ---D | C] -- C:\Program Files\Video Converter
[2009/11/25 09:12:50 | 00,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/07 08:34:53 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\l2x0uexw.exe
[2009/12/07 08:32:32 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bdavidson\Desktop\OTL.exe
[2009/12/07 08:26:54 | 00,288,643 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\59389-google-re.pdf
[2009/12/07 08:20:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/07 08:19:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/07 08:16:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\WavXMapDrive.bat
[2009/12/07 08:16:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/07 08:15:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 08:15:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/07 08:15:48 | 21,373,78816 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 08:13:21 | 00,006,395 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/07 08:13:19 | 11,911,168 | ---- | M] () -- C:\Documents and Settings\bdavidson\ntuser.dat
[2009/12/07 08:13:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\bdavidson\ntuser.ini
[2009/12/06 22:28:54 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\HijackThis.lnk
[2009/12/06 22:15:23 | 00,015,346 | ---- | M] () -- C:\Documents and Settings\bdavidson\My Documents\cc_20091206_221516.reg
[2009/12/06 16:55:11 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64A3C470-2D1D-4775-82E6-061E010B41A5}.job
[2009/12/04 13:52:45 | 00,007,044 | ---- | M] () -- C:\Documents and Settings\bdavidson\Application Data\PrimoPDFSet.xml
[2009/12/04 11:48:12 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/12/04 11:46:33 | 00,259,444 | -H-- | M] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\IconCache.db
[2009/12/04 08:30:12 | 00,038,813 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\Rollover_Contribution_Form.pdf
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 14:24:17 | 00,455,975 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\Plan and Profile.pdf
[2009/12/02 20:45:41 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\bdavidson\My Documents\Brady Talk.doc
[2009/12/02 10:59:31 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 10:36:50 | 00,140,477 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\08110-SP01.dwg
[2009/12/01 12:02:35 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/11/30 16:49:57 | 02,355,454 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\P072X001 Site Plans.dwg
[2009/11/25 09:12:56 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\bdavidson\Desktop\Free Window Registry Repair.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/07 08:34:47 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\l2x0uexw.exe
[2009/12/07 08:26:37 | 00,288,643 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\59389-google-re.pdf
[2009/12/06 22:33:39 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/06 22:33:33 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/06 22:33:33 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/06 22:33:28 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/12/06 22:28:54 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\HijackThis.lnk
[2009/12/06 22:15:19 | 00,015,346 | ---- | C] () -- C:\Documents and Settings\bdavidson\My Documents\cc_20091206_221516.reg
[2009/12/04 08:30:12 | 00,038,813 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\Rollover_Contribution_Form.pdf
[2009/12/03 12:19:45 | 00,455,975 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\Plan and Profile.pdf
[2009/12/02 10:28:45 | 00,140,477 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\08110-SP01.dwg
[2009/12/01 12:18:59 | 11,911,168 | ---- | C] () -- C:\Documents and Settings\bdavidson\ntuser.dat
[2009/11/30 11:08:44 | 02,355,454 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\P072X001 Site Plans.dwg
[2009/11/25 09:12:56 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\bdavidson\Desktop\Free Window Registry Repair.lnk
[2009/11/25 09:11:08 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/24 16:51:28 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/24 11:39:28 | 21,373,78816 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/20 11:45:57 | 00,001,106 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp184.log
[2009/09/09 07:09:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/06/09 15:37:41 | 00,005,020 | ---- | C] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\5ADA8744-2A87-4153-9905-DB3BC62AFE17.txt
[2009/06/08 15:57:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\f8420c87.sys
[2009/06/08 15:56:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\98089676.ini
[2009/03/06 11:07:51 | 00,007,044 | ---- | C] () -- C:\Documents and Settings\bdavidson\Application Data\PrimoPDFSet.xml
[2009/03/06 10:57:59 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/02/13 10:36:49 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2008/12/03 08:42:02 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 12:27:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2008/07/25 09:31:43 | 00,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/07/25 09:31:42 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2008/07/25 09:25:17 | 00,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/07/25 09:24:37 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800g.ini
[2008/07/25 09:23:08 | 00,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800m.ini
[2008/06/13 12:16:03 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\LiveUpdate.dll
[2008/06/13 12:15:40 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/13 12:15:36 | 00,013,450 | ---- | C] () -- C:\WINDOWS\StaadPro20070.ini
[2008/06/13 12:15:36 | 00,008,214 | ---- | C] () -- C:\WINDOWS\SProRC20070.ini
[2008/06/13 11:58:59 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\fusioncache.dat
[2008/06/12 09:59:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/11 07:14:55 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/11 07:14:51 | 00,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/10 13:04:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\bdavidson\Local Settings\Application Data\WavXMapDrive.bat
[2008/06/05 00:12:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/05 00:09:47 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/04 23:58:43 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/06/04 23:56:08 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/06/04 23:56:08 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/06/04 23:51:43 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/06/04 23:51:41 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/06/04 23:30:22 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/04 23:30:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4859.dll
[2008/06/04 23:30:22 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/06/04 23:28:49 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/28 12:13:33 | 00,000,290 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/13 14:42:30 | 00,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 14:42:30 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 14:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 14:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 14:42:28 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 14:42:28 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 14:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 14:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 14:42:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 14:42:26 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 14:36:24 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 15:05:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 15:04:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 15:04:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 15:04:06 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 15:03:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 15:03:24 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 15:03:04 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 15:02:44 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 15:02:22 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 15:02:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 09:53:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/21 09:09:04 | 00,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/06/15 10:19:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/04/13 08:41:28 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007/02/12 16:43:54 | 00,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 08:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/03/27 11:08:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/09/10 13:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:18 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\ob9v9yc.dll
[2004/08/11 17:00:18 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 17:00:18 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 17:00:18 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\wj17cs7.dll
[2004/08/11 17:00:18 | 00,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zmtyc8s.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\x2opdjo.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\n1cf0yk.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\m3oma3a.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\keet9ad.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hy45nvp.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hkka4dg.dll
[2004/08/11 17:00:18 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\btk974c.dll
[2004/08/11 17:00:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 17:00:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 17:00:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/20 08:15:14 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/01/22 10:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/11 03:37:36 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 08:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 07:36:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== LOP Check ==========

[2008/06/12 15:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/06/13 12:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
[2008/11/23 20:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2008/07/28 07:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/06/04 23:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/07 08:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/05 00:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/11/06 23:23:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/06/09 09:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Amazon
[2009/12/04 10:49:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Any Video Converter
[2008/06/12 15:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Autodesk
[2008/07/29 13:35:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Bentley
[2009/11/18 15:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Blackberry Desktop
[2008/07/28 07:15:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\HotSync
[2009/12/04 16:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\LimeWire
[2009/07/22 14:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\NCH Swift Sound
[2008/06/12 10:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\OfficeUpdate12
[2009/11/16 13:48:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Research In Motion
[2009/11/24 14:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\SanDisk
[2009/06/10 08:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\vvsbnanr
[2008/06/05 00:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\Wave Systems Corp
[2009/01/28 10:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bdavidson\Application Data\XemiComputers
[2009/12/07 08:20:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/12/04 11:48:12 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/12/06 16:55:11 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{64A3C470-2D1D-4775-82E6-061E010B41A5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/06 18:26:17 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/06 18:26:17 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 12/7/2009 8:33:25 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\bdavidson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.30% Memory free
3.84 Gb Paging File | 2.76 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 29.14 Gb Free Space | 39.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PITLTXP2BD
Current User Name: bdavidson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:SYSDLL
"7171:TCP" = 7171:TCP:*:Enabled:SYSDLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server -- (RealVNC Ltd.)
"C:\Program Files\Windows Defender\MsMpEng.exe" = C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000825B8-5652-468E-9BA7-765E65DD5874}" = STAAD.Pro 2007
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0ADA1ACC-95B0-4424-92A2-46EB8200A093}" = Bentley IEG License Service
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BE6C46B-048E-4FA3-A4A1-57DC7FDDF829}" = North American Green ECMDS 4.31
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{17E1BC18-8B8C-4160-B759-C47294B5A9C2}" = Cisco AnyConnect VPN Client
"{1911CCBB-B90A-49E9-91D9-AC48B40990B0}" = Bentley FlowMaster
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{372AA845-86DF-4051-9F5D-E385B73414A3}_0" = MicroStation PowerDraft (V 08.05.02.35) - 1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}" = HP Color LaserJet 3800
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{5783F2D7-0306-0409-0002-0060B0CE6BBA}" = Autodesk Building Systems 2005
"{5783F2D7-0308-0409-0002-0060B0CE6BBA}" = Autodesk Land Desktop 2005
"{5783F2D7-0311-0409-0000-0060B0CE6BBA}" = AutoCAD 2005 Express Tools Volumes 1-9
"{5783F2D7-1308-0409-0002-0060B0CE6BBA}" = Autodesk Civil Design 2005
"{5783F2D7-2308-0409-0002-0060B0CE6BBA}" = Autodesk Survey 2005
"{59531A5F-531C-4AAE-8810-FD64100607F8}" = Bentley StormCAD V8 XM 08.09.081.00
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{661DB902-9E32-4F87-A0CA-1C809DBACA9D}" = VBA (2627.01)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7376D760-0940-4E0B-A52A-372798C1CCAE}" = Bentley PondPack
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C167BA1-A880-45DE-AC2D-5B9201BF4040}" = Bentley InRoads Group XM Edition (V8.9)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F7729-37FB-49E8-A832-560D4C4BA9B9}" = Bentley SewerCAD
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.51
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BE2E59E9-DB64-4E8C-938B-3A49A8B4B757}" = Lotus Notes 7.0.3
"{BE69B1E5-F275-45E5-BF09-D8652446407A}" = Bentley WaterCAD V8 XM 08.09.400.34
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D581CADA-6336-4961-87AC-A8944E4E6A7C}" = Bentley CulvertMaster
"{D8E1165F-F5A9-4915-AC4F-A34E70BDD0AA}" = Autodesk Raster Design 2005
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arcv2CAD 5.0" = Arcv2CAD 5.0
"Audacity_is1" = Audacity 1.2.6
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BDE 5.0" = BDE 5.01
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Free Window Registry Repair" = Free Window Registry Repair
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet 3800" = HP Color LaserJet 3800
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{0BE6C46B-048E-4FA3-A4A1-57DC7FDDF829}" = North American Green ECMDS 4.31
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MicroStation PDF Composer" = MicroStation PDF Composer
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Pixillion" = Pixillion Image Converter
"PrimoPDF4.1.0.9" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Enterprise Edition E4.4.2
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch Sound File Converter
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2009 3:30:24 PM | Computer Name = PITLTXP2BD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2009 5:10:54 PM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12/5/2009 5:11:44 PM | Computer Name = PITLTXP2BD | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 12/6/2009 4:17:39 PM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12/6/2009 5:11:06 PM | Computer Name = PITLTXP2BD | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 12/6/2009 5:12:09 PM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12/6/2009 5:30:14 PM | Computer Name = PITLTXP2BD | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2009 6:30:01 PM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12/7/2009 9:08:20 AM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12/7/2009 9:16:15 AM | Computer Name = PITLTXP2BD | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

[ Cisco AnyConnect VPN Client Events ]
Error - 11/25/2009 5:59:18 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 11/30/2009 6:01:05 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/1/2009 5:59:33 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/2/2009 5:59:43 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/3/2009 3:57:39 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/4/2009 12:47:07 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/5/2009 5:08:27 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/6/2009 5:08:05 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/6/2009 6:26:26 PM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

Error - 12/7/2009 9:07:08 AM | Computer Name = PITLTXP2BD | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp
Line:
606 Description: The handle is invalid.

[ System Events ]
Error - 12/7/2009 8:11:14 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/7/2009 8:16:28 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/7/2009 9:08:14 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/7/2009 9:08:14 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/7/2009 9:10:24 AM | Computer Name = PITLTXP2BD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/7/2009 9:10:24 AM | Computer Name = PITLTXP2BD | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 12/7/2009 9:16:20 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/7/2009 9:16:20 AM | Computer Name = PITLTXP2BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/7/2009 9:17:37 AM | Computer Name = PITLTXP2BD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/7/2009 9:17:37 AM | Computer Name = PITLTXP2BD | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


< End of report >

#4 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 07 December 2009 - 02:06 PM

The GMER log is too long to post. I've attached the log file, hope that's ok. Just to update you on what the computer is doing now....yahoo, bing, and google all redirect my search results to undesirable sites. Also, I attempted to restart in safe mode to run the anti malware programs and kept getting a blue screen fatal errow after choosing safe mode. Please let me know what the next step is, thanks.

Attached Files

  • Attached File  GMER.log   401.27KB   4 downloads


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:23 PM

Posted 07 December 2009 - 07:29 PM

Please uninstall these old versions of Java. They are a security risk.

Java™ 6 Update 5
Java™ 6 Update 7



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 08 December 2009 - 10:59 PM

Hi Sam, sorry for the delay, I had a busy day at work. I just ran Combofix and here is the log:


ComboFix 09-12-08.03 - bdavidson 12/08/2009 22:31:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1411 [GMT -5:00]
Running from: c:\documents and settings\bdavidson\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\98089676.ini
c:\windows\dhcp
c:\windows\Install.txt
c:\windows\system32\clauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\ssprs.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_FAD
-------\Legacy_isadisk
-------\Legacy_MSNCACHE
-------\Legacy_sopidkc
-------\Service_FAD


((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 03:44 . 2009-12-09 03:44 -------- d-----w- c:\windows\LastGood
2009-12-07 03:33 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-07 03:33 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-07 03:33 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-07 03:33 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-07 03:33 . 2009-12-08 01:29 -------- d-----w- c:\program files\Spyware Doctor
2009-12-07 03:33 . 2009-12-07 03:34 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-07 03:33 . 2009-12-07 03:33 -------- d-----w- c:\documents and settings\bdavidson\Application Data\PC Tools
2009-12-07 03:33 . 2009-12-07 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-07 03:28 . 2009-12-07 03:28 -------- d-----w- c:\program files\Trend Micro
2009-12-07 03:12 . 2009-12-07 03:12 -------- d-----w- c:\program files\CCleaner
2009-12-06 21:23 . 2009-12-07 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-06 21:23 . 2009-12-06 21:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-06 21:09 . 2009-12-06 21:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-06 21:08 . 2009-12-06 21:08 -------- d-----w- c:\program files\Audacity
2009-12-06 21:08 . 2009-12-06 21:08 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-04 15:16 . 2009-12-04 15:49 -------- d-----w- c:\documents and settings\bdavidson\Application Data\Any Video Converter
2009-12-04 15:16 . 2009-12-06 21:08 -------- d-----w- c:\program files\Video Converter
2009-11-25 14:12 . 2009-11-25 14:14 -------- d-----w- c:\program files\Free Window Registry Repair
2009-11-19 20:00 . 2009-11-19 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-11-18 21:23 . 2009-11-18 21:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-18 21:23 . 2009-12-01 17:02 256 ----a-w- c:\windows\system32\pool.bin
2009-11-18 20:47 . 2009-11-18 20:47 -------- d-----w- c:\documents and settings\bdavidson\Application Data\Blackberry Desktop
2009-11-16 18:48 . 2009-11-16 18:48 -------- d-----w- c:\documents and settings\bdavidson\Application Data\Research In Motion
2009-11-13 20:59 . 2009-11-13 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-13 20:55 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-11-13 20:54 . 2009-11-13 20:55 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-11-13 20:54 . 2009-11-13 20:54 -------- d-----w- c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 03:45 . 2008-06-10 18:04 0 ----a-w- c:\documents and settings\bdavidson\Local Settings\Application Data\WavXMapDrive.bat
2009-12-08 21:06 . 2008-12-23 21:18 -------- d-----w- c:\documents and settings\bdavidson\Application Data\LimeWire
2009-12-08 19:52 . 2009-03-06 15:57 -------- d-----w- c:\program files\PrimoPDF
2009-12-08 19:20 . 2008-06-12 19:21 -------- d---a-w- c:\program files\Raster Design 2005
2009-12-08 01:29 . 2009-06-09 14:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 01:29 . 2008-06-05 04:49 -------- d-----w- c:\program files\Java
2009-12-07 15:58 . 2008-07-25 14:43 -------- d-----w- c:\documents and settings\bdavidson\Application Data\AdobeUM
2009-12-07 03:22 . 2008-10-16 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-07 03:10 . 2009-07-22 19:28 -------- d-----w- c:\program files\NCH Software
2009-12-06 23:26 . 2004-08-04 03:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-06 22:25 . 2009-04-30 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 22:25 . 2009-06-10 12:49 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 21:14 . 2009-04-30 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-04-30 13:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 14:31 . 2009-07-06 21:06 -------- d-----w- c:\program files\LimeWire
2009-11-24 19:15 . 2009-07-24 14:24 -------- d-----w- c:\documents and settings\bdavidson\Application Data\SanDisk
2009-11-24 19:14 . 2008-08-08 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-11-20 16:45 . 2009-11-20 16:45 962923 ----a-w- c:\documents and settings\All Users\Application Data\tmp184.tmp
2009-11-20 13:14 . 2009-07-06 13:58 -------- d-----w- c:\program files\McAfee
2009-11-18 21:23 . 2008-06-11 18:00 -------- d-----w- c:\documents and settings\bdavidson\Application Data\Roxio
2009-11-14 18:48 . 2008-06-05 05:03 93888 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 21:12 . 2008-06-05 05:12 93888 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 20:59 . 2008-06-05 05:08 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-13 20:59 . 2008-06-05 05:09 -------- d-----w- c:\program files\Roxio
2009-11-13 20:59 . 2008-06-05 05:08 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-07 04:24 . 2009-11-07 04:24 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-07 04:24 . 2009-11-07 04:24 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-07 04:24 . 2009-11-07 04:24 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-07 04:24 . 2009-06-12 16:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-07 04:24 . 2009-06-12 15:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-07 04:24 . 2009-11-07 04:24 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-07 04:24 . 2009-11-07 04:24 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-07 04:24 . 2009-11-07 04:24 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-07 04:24 . 2009-11-07 04:24 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-07 04:24 . 2009-06-19 15:32 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-07 04:23 . 2009-11-07 04:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-05 13:26 . 2009-11-05 13:26 152576 ----a-w- c:\documents and settings\bdavidson\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 18:15 . 2008-06-12 18:55 -------- d---a-w- c:\program files\Land Desktop 2005
2009-10-11 09:17 . 2008-11-21 21:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-03 08:15 . 2009-11-07 04:23 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-28 15:32 . 2009-09-28 15:32 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-28 15:32 . 2009-09-28 15:32 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-28 15:32 . 2009-09-28 15:32 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-28 15:31 . 2009-06-19 15:31 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-23 12:55 . 2009-06-12 15:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-17 12:23 . 2009-09-17 12:23 152576 ----a-w- c:\documents and settings\bdavidson\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-16 14:22 . 2009-07-06 13:59 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-07-06 13:59 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-07-06 13:59 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-07-06 13:59 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-07-06 13:59 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-10 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-10 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-10 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"SigmatelSysTrayApp"="stsystra.exe" [2007-09-14 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-24 788880]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-11 1445904]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-4 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2009 10:31 AM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/6/2009 10:33 PM 207280]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [4/23/2007 4:12 AM 336944]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
S1 f8420c87;f8420c87;c:\windows\system32\drivers\f8420c87.sys [6/8/2009 3:57 PM 0]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
S2 Sentry;Sentry;c:\windows\system32\drivers\sentry.sys [6/13/2008 12:15 PM 9180]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [11/23/2008 8:11 PM 22136]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/6/2009 10:33 PM 358600]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rdpijwhb
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rve.com\visionweb
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://remote.rve.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BDE 5.0 - c:\windows\ISUNINST.EXE -fc:\program files\Borland\Common Files\Bde\BDEUninst.isu -cc:\program files\Borland\Common Files\Bde\Uninst.dll
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\NETWIN32.DLL

- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\SSL VPN Client\agent.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\msdtc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\stsystra.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\NWTRAY.EXE
.
**************************************************************************
.
Completion time: 2009-12-08 22:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 03:53

Pre-Run: 31,420,002,304 bytes free
Post-Run: 41,345,343,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1C280D81BFED2BB32B07220406358F18

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:23 PM

Posted 09 December 2009 - 08:54 AM

Looks pretty good to me.
How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 09 December 2009 - 09:22 AM

I haven't had any problems yet today so things are looking good. I have not tried to start in safe mode yet, which is the other problem I was having. I just want to make sure I have that option if I should get another virus. I do have one more question, though. I currently use McAfee and Ad-aware real time, and I run Malware bytes at least once a week. In the past two months I have had the System Security virus, another similar virus, and now this redirect problem. Why is my antivirus and anti adware/malware not picking up on this. Especially the ad aware which is supposed to block this stuff. Is it worth paying for the full version of malware bytes so that can have real time protection? Thanks for all your help, I really appreciate it.

#9 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 10 December 2009 - 08:28 AM

One more question Sam, what internet browser would you recommend? I use IE7 now but that is obviously not getting the job done. I'm debating whether to go with IE8 or Firefox. I do not know anything about Chrome, but heard that it along with Firefox are the best for blocking malware sites.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:23 PM

Posted 10 December 2009 - 09:01 AM

In my opinion, right now both Mcafee and Adaware are playing catchup. Neither program is as good as it used to be. Malwarebytes on the other hand is very good. You'd be better off to replace Mcafee with Kaspersky, Nod32, or even the free version of Avast. And replace Adware with Spybot or the paid version of Malwarebytes. And I'd recommend Firefox as your main browser.

Here are some other recommendations and some clean up steps.

It's time to clean up.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 bdavidson

bdavidson
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 10 December 2009 - 11:48 AM

I will definitely be taking your advice on my antivirus and antispyware software. Thanks again for all your help, I really appreciate it.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:23 PM

Posted 10 December 2009 - 05:18 PM

I'm glad I could help you out! :(

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users