This hit me today. I ran Malwarebytes and it got rid of the SpywareDoctor stuff, but the Vundo trojan was supposed to be cleaned on reboot. I saw a similar topic and followed the instructions for the initial logs from Rooter and OTLI2. I've included these here with the Malwarebytes log. Any help will be appreciated, as this is my work laptop that is down.
==============Malwarebytes=================================
Malwarebytes' Anti-Malware 1.36
Database version: 2000
Windows 5.1.2600 Service Pack 3
4/18/2009 10:05:52 AM
mbam-log-2009-04-18 (10-05-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 41721
Time elapsed: 7 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8996ff8-c922-4e13-8475-29111fb8ee1c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ososarbw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b8996ff8-c922-4e13-8475-29111fb8ee1c} (Trojan.Vundo.H) -> Delete on reboot.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\lkomgpx.dll (Trojan.Vundo.H) -> Delete on reboot.
========================= Rooter ====================================
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:2438 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:503 Mo/Free:457 Mo)
Sat 04/18/2009|18:42
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
---------- C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
---------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\Documents and Settings\sludwick\Desktop\Logs\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
Trojan ! .. C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lkomgpx.dll,DllMain -
----------------------\\ Tasks
C:\WINDOWS\tasks\At1.job
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/18/2009|18:43
----------------------\\ Scan completed at 18:43
================================== OTLI2 =======================================
OTListIt logfile created on: 4/18/2009 6:46:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\sludwick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 34.38 Gb Free Space | 46.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 503.47 Mb Total Space | 457.69 Mb Free Space | 90.91% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SAC-JCL8WD1
Current User Name: sludwick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe (Web Meeting)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Documents and Settings\sludwick\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Disabled | Stopped]) -- File not found
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RDIConverterPrintHelper [Auto | Running]) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe (Web Meeting)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [Disabled | Stopped]) -- File not found
SRV - (SPBBCSvc [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe (SigmaTel, Inc.)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corp.)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (CSRBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\csrbcxp.sys (CSR, plc)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (guardian2 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090418.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090418.004\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ohchgnbq [Boot | Running]) -- C:\WINDOWS\system32\drivers\ohchgnbq.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
O1 HOSTS File: (303487 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10459 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: () - {B8996FF8-C922-4E13-8475-29111FB8EE1C} - c:\windows\system32\lkomgpx.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Notice and Consent to Monitoring
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [String data over 1000 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205176248203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} http://www.mytpi.com...ectuploader.cab (eCTUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://amexweb.webe...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = taic.net
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ososarbw: DllName - lkomgpx.dll - C:\WINDOWS\system32\lkomgpx.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{1e2e1f43-a72e-11dd-8565-001d604005da}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{1e2e1f43-a72e-11dd-8565-001d604005da}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
========== Files/Folders - Created Within 30 Days ==========
[7 C:\WINDOWS\*.tmp files]
[2009/04/18 18:42:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/18 18:42:41 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sludwick\Desktop\OTListIt2.exe
[2009/04/18 18:42:41 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\sludwick\Desktop\Rooter.exe
[2009/04/18 18:42:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\Desktop\Logs
[2009/04/18 18:10:58 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\sludwick\Desktop\VirtumundoBeGone.exe
[2009/04/18 17:48:19 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/18 10:43:16 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\sludwick\Desktop\HijackThis.lnk
[2009/04/18 10:43:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/18 10:43:11 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\sludwick\Desktop\HJTInstall.exe
[2009/04/18 09:33:22 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\sludwick\Desktop\FixVundo.exe
[2009/04/18 06:35:27 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/18 06:30:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/17 22:00:44 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/17 22:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/17 22:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/17 22:00:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/17 21:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/14 19:16:02 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 19:16:01 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 19:16:01 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 19:16:01 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 19:16:01 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 19:16:01 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 19:16:01 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 19:16:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 19:16:01 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 19:12:34 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 19:12:34 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/09 11:12:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\My Documents\MBI
[2009/04/01 23:47:32 | 00,010,296 | ---- | C] () -- C:\Documents and Settings\sludwick\My Documents\lyrics.docx
[2009/03/25 17:00:32 | 00,264,304 | ---- | C] () -- C:\Documents and Settings\sludwick\Desktop\Scan001.PDF
[2009/03/25 10:44:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\Application Data\Malwarebytes
[2009/03/25 10:44:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 10:44:40 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/25 10:44:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/25 10:44:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/25 10:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/25 10:40:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\4C271126C2954828A9015910AE0C258B.TMP
[2009/03/25 02:45:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\Local Settings\Application Data\quobarxz
[2009/03/25 02:45:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\Application Data\quobarxz
[2009/03/22 19:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sludwick\Application Data\Mozilla
[2009/03/22 17:29:23 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/03/21 07:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/19 11:54:23 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/10 16:37:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/10/09 14:01:24 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/10/02 00:41:11 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6125160107.sys
[2008/10/01 23:55:33 | 00,004,182 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/05 08:33:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/14 08:19:44 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/14 08:19:42 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/17 09:08:56 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 09:08:44 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/02/22 11:46:31 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/22 11:46:31 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/18 23:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/22 12:49:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/01/22 10:57:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/01/22 10:21:02 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/22 10:21:02 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/22 10:21:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/22 10:20:58 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/07 17:02:14 | 00,182,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\symndis.sys
[2005/09/02 15:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/04 03:00:00 | 00,105,472 | ---- | C] () -- C:\WINDOWS\System32\vkeajkm.dll
[2004/08/04 03:00:00 | 00,105,472 | ---- | C] () -- C:\WINDOWS\System32\lkomgpx.dll
[2004/08/04 03:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 03:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/20 18:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/04/18 18:40:32 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\sludwick\Desktop\Rooter.exe
[2009/04/18 18:18:39 | 00,526,710 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 18:18:39 | 00,445,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 18:18:39 | 00,072,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/18 18:16:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sludwick\Desktop\OTListIt2.exe
[2009/04/18 18:14:48 | 00,063,434 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/18 18:14:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/18 18:13:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/18 18:13:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/18 18:12:33 | 04,829,320 | -H-- | M] () -- C:\Documents and Settings\sludwick\Local Settings\Application Data\IconCache.db
[2009/04/18 17:55:54 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\sludwick\Desktop\VirtumundoBeGone.exe
[2009/04/18 17:42:45 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/04/18 10:43:16 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\sludwick\Desktop\HijackThis.lnk
[2009/04/18 10:40:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\sludwick\Desktop\HJTInstall.exe
[2009/04/18 09:31:54 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\sludwick\Desktop\FixVundo.exe
[2009/04/18 06:35:27 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/18 06:35:27 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/18 06:30:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/17 22:00:44 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/17 21:46:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 15:04:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/10 22:37:46 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\sludwick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 23:47:32 | 00,010,296 | ---- | M] () -- C:\Documents and Settings\sludwick\My Documents\lyrics.docx
[2009/03/26 23:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/25 17:00:34 | 00,264,304 | ---- | M] () -- C:\Documents and Settings\sludwick\Desktop\Scan001.PDF
[2009/03/25 10:44:40 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/25 08:17:39 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
========== LOP Check ==========
[2009/04/17 22:00:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/17 22:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/09/03 16:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/29 08:35:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/29 08:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/01/22 12:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/01/22 10:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/19 21:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/01/16 00:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/02 00:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/10 17:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/25 10:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/14 12:12:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/15 15:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/09/10 12:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/03/19 11:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/01/22 11:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/03/19 11:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/22 10:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008/01/22 11:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/25 10:44:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\sludwick\Application Data
[2009/02/18 12:35:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Adobe
[2008/11/26 12:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Apple Computer
[2008/10/02 00:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Corel
[2008/09/03 14:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Dell
[2008/09/10 16:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Google
[2008/12/10 16:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\ICAClient
[2008/09/03 14:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Identities
[2008/09/10 12:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Macromedia
[2009/03/25 10:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Malwarebytes
[2009/02/23 22:14:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\sludwick\Application Data\Microsoft
[2009/02/13 17:50:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Move Networks
[2009/03/22 19:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Mozilla
[2009/03/25 02:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\quobarxz
[2009/04/17 14:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Skype
[2009/04/17 08:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\skypePM
[2008/09/12 07:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Sun
[2009/01/30 14:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\Web Meeting
[2008/11/21 11:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sludwick\Application Data\webex
[2009/04/17 21:46:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/04/18 17:42:45 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/18 18:13:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
=============================== Extras.txt from OTLI =============================
OTListIt Extras logfile created on: 4/18/2009 6:46:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\sludwick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 34.38 Gb Free Space | 46.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 503.47 Mb Total Space | 457.69 Mb Free Space | 90.91% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SAC-JCL8WD1
Current User Name: sludwick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\WINDOWS\svcho.exe:*:Enabled:enable File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10E1FC7C-AB9E-4851-AEC7-8A189A1E7281}" = LogoEase
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{465DC07E-3390-401A-A190-6078D73AB4C6}" = CorelDRAW Graphics Suite 12
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94FE0F65-26F1-4AAF-A772-1B6484564DAE}" = InterCall Web Meeting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD65CAC7-6D63-4D56-BED0-B610281256DF}" = CorelDRAW Graphics Suite 12 Setup Files
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Free FLV Converter_is1" = Free FLV Converter V 6.2.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"LineupDominator_is1" = LineupDominator Version 4.0a Full
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2009 8:38:02 PM | Computer Name = SAC-JCL8WD1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 4/18/2009 8:44:08 PM | Computer Name = SAC-JCL8WD1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 4/18/2009 8:44:09 PM | Computer Name = SAC-JCL8WD1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 4/18/2009 8:45:00 PM | Computer Name = SAC-JCL8WD1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 4/18/2009 8:46:44 PM | Computer Name = SAC-JCL8WD1 | Source = MsiInstaller | ID = 11706
Description = Product: Cisco Systems VPN Client 5.0.03.0530 -- Error 1706. No valid
source could be found for product Cisco Systems VPN Client 5.0.03.0530. Windows
Installer cannot continue.
Error - 4/18/2009 9:13:56 PM | Computer Name = SAC-JCL8WD1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 4/18/2009 9:13:57 PM | Computer Name = SAC-JCL8WD1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 4/18/2009 9:14:39 PM | Computer Name = SAC-JCL8WD1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 4/18/2009 9:16:22 PM | Computer Name = SAC-JCL8WD1 | Source = MsiInstaller | ID = 11706
Description = Product: Cisco Systems VPN Client 5.0.03.0530 -- Error 1706. No valid
source could be found for product Cisco Systems VPN Client 5.0.03.0530. Windows
Installer cannot continue.
Error - 4/18/2009 9:45:31 PM | Computer Name = SAC-JCL8WD1 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.14.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 10/23/2008 6:29:32 PM | Computer Name = SAC-JCL8WD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10949
seconds with 180 seconds of active time. This session ended with a crash.
Error - 12/8/2008 12:09:28 PM | Computer Name = SAC-JCL8WD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4938
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 3/31/2009 10:37:53 AM | Computer Name = SAC-JCL8WD1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 327
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/18/2009 8:01:38 PM | Computer Name = SAC-JCL8WD1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.
Error - 4/18/2009 8:44:02 PM | Computer Name = SAC-JCL8WD1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 4/18/2009 8:44:08 PM | Computer Name = SAC-JCL8WD1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain TAIC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 4/18/2009 8:44:33 PM | Computer Name = SAC-JCL8WD1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 4/18/2009 8:44:58 PM | Computer Name = SAC-JCL8WD1 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).
Error - 4/18/2009 8:59:33 PM | Computer Name = SAC-JCL8WD1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 4/18/2009 9:13:56 PM | Computer Name = SAC-JCL8WD1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain TAIC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 4/18/2009 9:14:20 PM | Computer Name = SAC-JCL8WD1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 4/18/2009 9:14:46 PM | Computer Name = SAC-JCL8WD1 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).
Error - 4/18/2009 9:29:21 PM | Computer Name = SAC-JCL8WD1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
< End of report >