Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Security Tool, Vundo (&others?) - almost gone - need help finishin

Started by RobBB , Oct 13 2009 10:28 PM

  • This topic is locked This topic is locked

#1
RobBB
Posted 13 October 2009 - 10:28 PM

RobBB

    Member

  • Member
  • PipPip
  • 11 posts
Hello Geeks to Go -

I’ve tried to chunk this post so that it can be navigated easily and any irrelevant info can be easily skipped over. Each section begins with a heading.

PLEASE NOTE -- I have followed all of your prepost malware removal instructions and I've posted the logs at the end of this message if you want to skip my blathering and go right to the logs. I'm not sure what info might be relevant to you.

The Bottom Line -
I had Security Tool and I believe Vundo. I think I’m semi-under control but I just don’t have the competence to finish the job. My computer is running great now and I don't appear to be reinfecting but I doubt that I'm all done.


What I Know About My Computer –
Not a whole lot, but I do know that messing with things I’m unsure of in the registry can be a disaster. As can blindly deleting files, especially .dll files. I’m quite confident that I haven’t done anything to severely harm my system.


What Happened First and What I Did About It -
I got the Security Tool virus. It’s a fake malware-removal scam – you're no doubt familiar with it. I did some quick research and took the following actions:

1. Copied the task manager and in this way was able to open the copy and kill the virus processes (After reading in numerous different places about this). It uses a random string of numbers in its file name, i.e. 88798444.exe. IF there’s one thing that’s easy about this (and there’s probably just this one) when you sort a folder or the Task Manager by the file name, it’s nice that the malware’s number-string name comes right to the top.

2. I ran Windows Defender, which seemed to get it (little did I know). I used my computer for awhile thinking I was clean and after a while it struck again. I repeated step 1.

3. I hunted on the internet and bought and downloaded SpywareDoctor which promised to completely kill it. It found 2 files associated with it and I removed them. My suspicions were quickly confirmed that it wasn’t gone by any stretch.

4. Each time it came back I killed the process as in step 1 while continuing to research.

5. I now deleted it manually out of
C:\Documents and Settings\All Users\Application Data (also, I now hunted the [file name].exe using Search
and deleted it everywhere I found it – (as I recall, Programs and Prefetch folders, etc.)

6. I also deleted the following registry values (again after reading in multiple places about this):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\[file name]

And I’m pretty sure I found it here and deleted this one also
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[file name]

I’m certain I only deleted registry entries that were associated with the malware. One mistake I clearly made was not writing everything down and I’ll do that going forward.

Below is a List of the malicious dll’s (well, at least the ones I've identified) that were in the System32 Folder before I managed to deleted them. It appears that they're all gone now. They wouldn't allow me to delete them. I accidentally discovered that after removing the registry key, they vanished when I created a folder in the System32 folder and moved them to it.

tuhemoye.dll
jubawiro.dll
sizobigo.dll
bijotozu.dll
makezimu.dll
lasozodi.dll
hekeyapi.dll
rewuguti.dll
bihomimo.dll
suyawewe.dll
gigijomo.dll

The one thing I'm still seeing is in the System Configuration Utility on the Startup tab where the following item still appears:

Startup Item: Rundll32
Command: Rundll32.exe "lasozodi.dll",s
Location: SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I have the Selective Startup option checked on the General tab and I have this item unchecked on the Startup tab.

Originally I had two of these and at one point earlier in the process, I checked the similar one that had a command: Rundll32.exe "rewuguti.dll", and when I restarted my computer, I got a messaged that rewuguti.dll could not be found and it disappeared from the list altogether.

However, when I went to do the same thing to the item listed above, when I restarted my computer it put the item back in the registry (with the name zakulifiw)and restored 5 of the malicious dll's. So I redeleted the register key and directly deleted the dll's (which I was able to do without getting the deletion error that previously disallowed deletion) and unchecked it.

Thank you for any help you can give - Rob.



---------------------------------------------------------------------------------
Here are the logs:



Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

10/13/2009 9:44:30 PM
mbam-log-2009-10-13 (21-44-30).txt

Scan type: Quick Scan
Objects scanned: 106045
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/13 22:44
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8D00000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B0C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8118000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf73c2d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf73a39a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf73a3b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf73c3568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73c3820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf73c1a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf73c3c8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73c3036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf73a3656

==EOF==


-----------------------------------------------------------------------------------



OTL Extras logfile created on: 10/13/2009 10:50:05 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Rob Brebbia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 325.59 Mb Available Physical Memory | 32.11% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 51.32 Gb Free Space | 68.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RBREBBIA
Current User Name: Rob Brebbia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Schwab\SSPro\SSPro.exe" = C:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe:*:Enabled:QBCFMonitorService -- (Intuit)
"C:\WINDOWS\system32\wbem\wmiadap.exe" = C:\WINDOWS\system32\wbem\wmiadap.exe:*:Enabled:WMIADAP -- (Microsoft Corporation)
"C:\WINDOWS\system32\wbem\wmiprvse.exe" = C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse -- (Microsoft Corporation)
"C:\Program Files\Spyware Doctor\pctsAuxs.exe" = C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs -- (PC Tools)
"C:\Program Files\Spyware Doctor\pctsSvc.exe" = C:\Program Files\Spyware Doctor\pctsSvc.exe:*:Enabled:pctsSvc -- (PC Tools)
"C:\Program Files\Windows Defender\MsMpEng.exe" = C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng -- (Microsoft Corporation)
"C:\WINDOWS\system32\BCMWLTRY.EXE" = C:\WINDOWS\system32\BCMWLTRY.EXE:*:Enabled:bcmwltry -- (Dell Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{36C33FBC-58EA-4D4C-A89A-A3BB9357EFD7}" = MobilePre
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3B0819D0-501C-47A1-8122-84800ACD5F41}" = Linksys EasyLink Advisor
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{57BADDF0-859A-47BC-8940-143E9F3F5629}" = Pure Networks Platform
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8CE90089-DCC9-4393-A535-802072333C35}" = Preboot Manager
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D648B20B-A789-407E-8CA4-9BDDBBE342C8}" = upekmsi
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F2B8F8EE-4811-4A28-9305-6640CD007115}" = Wave Infrastructure Installer
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo Printer 720" = Dell Photo Printer 720
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{3B0819D0-501C-47A1-8122-84800ACD5F41}" = Linksys EasyLink Advisor
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Live 6.0.1" = Live 6.0.1
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"Spyware Doctor" = Spyware Doctor 6.1
"Surveyor_is1" = Surveyor 1.0.74.182
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Rob Brebbia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 10:00:05 AM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 10:00:05 AM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 10:00:05 AM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:01:13 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:01:13 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:01:13 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:17:52 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:17:52 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 1:17:52 PM | Computer Name = RBREBBIA | Source = QuickBooks | ID = 4
Description =

Error - 10/13/2009 10:13:27 PM | Computer Name = RBREBBIA | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 10/13/2009 11:55:49 AM | Computer Name = RBREBBIA | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/13/2009 11:55:50 AM | Computer Name = RBREBBIA | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.

Error - 10/13/2009 11:55:54 AM | Computer Name = RBREBBIA | Source = Service Control Manager | ID = 7034
Description = The Messenger Sharing Folders USN Journal Reader service service terminated
unexpectedly. It has done this 1 time(s).

Error - 10/13/2009 12:00:34 PM | Computer Name = RBREBBIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/13/2009 12:46:35 PM | Computer Name = RBREBBIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/13/2009 12:52:03 PM | Computer Name = RBREBBIA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001A922435E1 has been denied by the DHCP server 192.168.5.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/13/2009 5:34:09 PM | Computer Name = RBREBBIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/13/2009 5:36:30 PM | Computer Name = RBREBBIA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.5.108 for the Network Card with network
address 001A922435E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/13/2009 9:46:34 PM | Computer Name = RBREBBIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/13/2009 10:13:33 PM | Computer Name = RBREBBIA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).


< End of report >



---------------------------------------------------------------------------------------





OTL logfile created on: 10/13/2009 10:50:05 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Rob Brebbia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 325.59 Mb Available Physical Memory | 32.11% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 51.32 Gb Free Space | 68.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RBREBBIA
Current User Name: Rob Brebbia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/13 22:48:15 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Brebbia\Desktop\OTL.exe
PRC - [2009/09/16 20:33:46 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 19:22:08 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/12/03 08:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/03 08:48:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
PRC - [2008/12/03 08:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/09/10 12:00:00 | 00,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/03/28 19:49:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/03/28 19:49:43 | 00,110,592 | RHS- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/01/11 20:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/08 17:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/01/08 17:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/11/01 15:41:47 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2007/10/11 21:03:10 | 00,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/02/08 21:20:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/11/22 19:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2006/11/22 19:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/22 19:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2006/11/03 20:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/28 23:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/06/12 12:01:14 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 14:35:08 | 00,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/15 21:19:00 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe
PRC - [2006/03/24 18:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006/01/30 19:11:48 | 00,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2005/12/13 18:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/12/13 18:41:08 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/12/13 18:41:00 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/12/09 22:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/11/09 16:32:06 | 00,091,136 | ---- | M] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
PRC - [2005/10/07 14:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2005/06/15 15:00:40 | 00,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
PRC - [2004/06/28 23:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2009/10/07 10:25:59 | 00,348,824 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/09/16 19:22:08 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2008/12/03 08:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/28 19:49:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
SRV - [2008/01/08 17:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/02/08 21:20:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2006/11/22 19:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/06/12 12:01:14 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2006/05/15 21:19:00 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2 [Auto | Running])
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
SRV - [2005/06/15 15:00:40 | 00,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe -- (MobilePreInstallerService [Auto | Running])
SRV - [2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070201

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.wellsfargo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/11/01 15:41:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/03 08:48:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:40:15 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {76fc04d8-b5d2-42a0-b5b8-5d09107e2815} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1255485598187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - AppInit_DLLs: (makezimu.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\rewuguti.dll) - C:\WINDOWS\System32\rewuguti.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\tuhemoye.dll) - C:\WINDOWS\System32\tuhemoye.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\bihomimo.dll) - C:\WINDOWS\System32\bihomimo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O21 - SSODL: hamejoguw - {890e65cb-2098-4c60-86a6-7317259a4ddd} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: kiwejogop - {04986351-0e1c-40e6-a441-0f90203ab917} - C:\WINDOWS\System32\bihomimo.dll File not found
O21 - SSODL: muhozipan - {015af6a9-9c44-43a3-9aba-3652ff98e756} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: pijefigar - {fc2cd09f-c349-4b68-8bac-7a13640aab59} - C:\WINDOWS\System32\jubawiro.dll File not found
O21 - SSODL: pukoreloh - {666d260c-d41c-4295-a74c-cd1af70ffcb5} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: suvovawim - {45e156b1-b72b-4e71-b6a8-146e6a904017} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: tijekodug - {5dfe4b34-2065-4c79-a512-29925b42c78a} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: womigunuz - {0f4826cb-466d-4b0e-b8bc-79291fa548e9} - C:\WINDOWS\System32\rewuguti.dll File not found
O21 - SSODL: wowikoper - {ea0ae34a-6cf6-4c9f-b6b7-781dc252bd70} - C:\WINDOWS\System32\bihomimo.dll File not found
O22 - SharedTaskScheduler: {015af6a9-9c44-43a3-9aba-3652ff98e756} - kupuhivus - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {04986351-0e1c-40e6-a441-0f90203ab917} - gahurihor - C:\WINDOWS\System32\bihomimo.dll File not found
O22 - SharedTaskScheduler: {0f4826cb-466d-4b0e-b8bc-79291fa548e9} - jugezatag - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {45e156b1-b72b-4e71-b6a8-146e6a904017} - kupuhivus - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {5dfe4b34-2065-4c79-a512-29925b42c78a} - gahurihor - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {666d260c-d41c-4295-a74c-cd1af70ffcb5} - kupuhivus - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {890e65cb-2098-4c60-86a6-7317259a4ddd} - tokatiluy - C:\WINDOWS\System32\rewuguti.dll File not found
O22 - SharedTaskScheduler: {ea0ae34a-6cf6-4c9f-b6b7-781dc252bd70} - jugezatag - C:\WINDOWS\System32\bihomimo.dll File not found
O22 - SharedTaskScheduler: {fc2cd09f-c349-4b68-8bac-7a13640aab59} - gahurihor - C:\WINDOWS\System32\jubawiro.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c948121b-9569-11dd-93d3-00188bb499d2}\Shell - "" = AutoRun
O33 - MountPoints2\{c948121b-9569-11dd-93d3-00188bb499d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c948121b-9569-11dd-93d3-00188bb499d2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e8d4c910-b72a-11dd-940f-00188bb499d2}\Shell - "" = AutoRun
O33 - MountPoints2\{e8d4c910-b72a-11dd-940f-00188bb499d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8d4c910-b72a-11dd-940f-00188bb499d2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/13 19:03:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/07 10:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/07 10:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/13 19:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Brebbia\Application Data\Malwarebytes
[2009/10/07 10:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Brebbia\Application Data\PC Tools
[2009/10/07 07:50:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\Scansoft
[2009/10/07 10:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/13 12:08:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/13 19:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/07 10:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/13 22:48:09 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Brebbia\Desktop\OTL.exe
[2009/10/13 22:42:13 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Rob Brebbia\Desktop\RootRepeal.exe
[2009/10/13 19:03:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/13 19:03:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/13 19:02:16 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob Brebbia\Desktop\mbam-setup.exe
[2009/10/13 12:14:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/13 12:06:08 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Rob Brebbia\Desktop\erunt_setup.exe
[2009/10/13 12:05:02 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Rob Brebbia\Desktop\SysRestorePoint.exe
[2009/10/13 11:54:36 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob Brebbia\Desktop\TFC.exe
[2009/10/13 07:36:25 | 00,000,000 | ---D | C] -- C:\_Malicious Files toNuke
[2009/10/13 00:36:18 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/08 12:25:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/07 10:02:08 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/07 10:02:00 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/07 10:02:00 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/07 10:01:53 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

========== Files - Modified Within 14 Days ==========

[2009/10/13 22:48:15 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Brebbia\Desktop\OTL.exe
[2009/10/13 22:43:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\settings.dat
[2009/10/13 22:42:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Rob Brebbia\Desktop\RootRepeal.exe
[2009/10/13 22:39:29 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/13 22:39:29 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 22:39:28 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/13 22:37:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/13 22:34:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/13 22:34:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/13 22:34:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/13 22:34:20 | 10,633,78944 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/13 22:32:07 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Failed_MS_Updates.doc
[2009/10/13 22:31:12 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Microsoft Office Word 2003.lnk
[2009/10/13 22:22:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 19:03:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 19:02:24 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob Brebbia\Desktop\mbam-setup.exe
[2009/10/13 17:36:12 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Microsoft Office Outlook 2003.lnk
[2009/10/13 13:50:10 | 04,646,780 | -H-- | M] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\IconCache.db
[2009/10/13 12:08:07 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\NTREGOPT.lnk
[2009/10/13 12:08:07 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\ERUNT.lnk
[2009/10/13 12:06:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Rob Brebbia\Desktop\erunt_setup.exe
[2009/10/13 12:05:02 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Rob Brebbia\Desktop\SysRestorePoint.exe
[2009/10/13 12:01:28 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/10/13 12:01:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/13 12:01:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/13 11:54:40 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob Brebbia\Desktop\TFC.exe
[2009/10/13 08:33:33 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\My Documents\My Sharing Folders.lnk
[2009/10/12 20:29:56 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/12 19:19:45 | 00,000,668 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/10/12 13:41:28 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Virus.Problems2.xls
[2009/10/12 13:38:40 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Car_Calcs.xls
[2009/10/12 12:10:35 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Microsoft Office Excel 2003.lnk
[2009/10/10 12:14:24 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\rogikewe
[2009/10/10 02:01:36 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Virushelp.doc
[2009/10/10 01:03:26 | 00,431,104 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Virus_Problems.doc
[2009/10/09 13:09:18 | 00,011,388 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Registry Editor.pdf
[2009/10/07 15:22:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/10/07 15:22:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/10/07 15:04:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/10/07 15:04:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/10/07 10:33:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/10/07 10:33:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/10/07 10:01:56 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/06 23:58:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/10/06 23:58:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/10/06 19:30:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/10/06 19:30:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/10/06 15:26:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/10/06 15:26:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/06 14:51:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/06 14:51:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/06 14:42:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/06 14:42:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/04 11:13:28 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 15:18:50 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Money Staff Meeting.doc

========== Files - No Company Name ==========
[2009/10/13 22:43:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Desktop\settings.dat
[2009/10/13 22:32:03 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Failed_MS_Updates.doc
[2009/10/13 19:03:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/13 12:08:07 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Desktop\NTREGOPT.lnk
[2009/10/13 12:08:07 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Desktop\ERUNT.lnk
[2009/10/12 13:38:40 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Car_Calcs.xls
[2009/10/12 10:34:28 | 00,071,168 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Virus.Problems2.xls
[2009/10/10 10:50:55 | 10,633,78944 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/09 23:31:30 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/09 15:26:42 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Desktop\Virushelp.doc
[2009/10/09 13:09:18 | 00,011,388 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Registry Editor.pdf
[2009/10/08 20:12:34 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\rogikewe
[2009/10/08 15:32:09 | 00,431,104 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\My Documents\Virus_Problems.doc
[2009/10/07 10:02:00 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/07 10:01:56 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/04 23:42:05 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/04 23:40:45 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/09/04 23:40:45 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/09/04 23:40:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/09/04 23:34:55 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/05/17 20:59:07 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/01 22:23:06 | 04,646,780 | -H-- | C] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\IconCache.db
[2007/09/19 11:49:14 | 00,002,401 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/19 11:49:01 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/08/11 17:21:24 | 00,000,668 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/08/11 17:21:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2007/08/11 17:21:01 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2007/05/17 12:30:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/08 07:09:03 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/02/06 21:22:54 | 00,018,328 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/06 21:22:54 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rob Brebbia\Local Settings\Application Data\fusioncache.dat
[2007/02/06 21:22:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rob Brebbia\Application Data\desktop.ini
[2007/02/01 03:00:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/01 02:56:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/01 02:51:32 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/02/01 02:51:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/02/01 02:47:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/02/01 02:47:02 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/02/01 02:27:12 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 12:01:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 12:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 10:37:36 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 10:32:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 10:32:06 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 10:32:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 10:31:52 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 10:31:46 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 10:31:38 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 10:31:32 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 10:31:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 10:31:18 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 10:31:12 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 14:34:22 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 14:33:06 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 21:08:42 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 20:52:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 20:52:02 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 20:51:52 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 20:51:42 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 20:51:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 20:51:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 20:51:16 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 20:51:06 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 20:50:56 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 20:50:46 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 16:41:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 15:36:06 | 00,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/08/11 19:24:19 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 19:00:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/21 17:03:14 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 16:27:52 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 20:01:20 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2003/05/21 01:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/13 19:03:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/03 16:24:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2008/03/15 18:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/08/21 18:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/03/16 09:58:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/10 22:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/10/10 22:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/08/11 19:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/10/13 18:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/01 02:51:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/10/07 09:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/13 19:03:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data
[2009/01/03 16:24:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Ableton
[2007/02/06 22:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\CyberLink
[2008/03/15 18:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Download Manager
[2007/09/21 08:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Image Zone Express
[2007/02/08 07:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Intuit
[2007/09/21 08:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Printer Info Cache
[2009/10/07 20:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\U3
[2009/10/13 08:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rob Brebbia\Application Data\Wave Systems Corp
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/13 22:37:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/13 22:34:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

Advertisements

#2
CatByte
Posted 16 October 2009 - 11:37 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
RobBB
Posted 16 October 2009 - 02:15 PM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you so much for responding. I am way out of my league on this one.

Malwarebytes has since found some of the infection and once it cleared up a malicious disable command, my Symantec antivirus found a slews of files and deleted them. Would you like to see new logs? Or should I just proceed with your instructions?

I need to leave, but I'll be back on late tonight (Friday Oct 16th, Eastern time zone).
  • 0

#4
CatByte
Posted 16 October 2009 - 03:02 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please just follow my instructions at the moment.

Please don't run any further scans unless I request them

Thank-you
  • 0

#5
RobBB
Posted 16 October 2009 - 08:53 PM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
My computer appears to be running even better still - like it did when it was new.


Here's the combofix log:


ComboFix 09-10-16.08 - Rob Brebbia 10/16/2009 22:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.405 [GMT -4:00]
Running from: c:\documents and settings\Rob Brebbia\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\419\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll
c:\windows\Installer\102d34.msp
c:\windows\Installer\16315.msp
c:\windows\Installer\1759f7c.msp
c:\windows\Installer\1759f8c.msp
c:\windows\Installer\1759f9d.msp
c:\windows\Installer\1da8d9.msp
c:\windows\Installer\1f915e7.msp
c:\windows\Installer\2581900.msp
c:\windows\Installer\2af8eb.msp
c:\windows\Installer\2b24fb0.msp
c:\windows\Installer\2e2133.msp
c:\windows\Installer\30e46ff.msp
c:\windows\Installer\30e470f.msp
c:\windows\Installer\30e4720.msp
c:\windows\Installer\30e4731.msp
c:\windows\Installer\3765b58.msp
c:\windows\Installer\3bd74.msp
c:\windows\Installer\3bd85.msp
c:\windows\Installer\3bd9b.msp
c:\windows\Installer\3bdac.msp
c:\windows\Installer\3c55ca0.msp
c:\windows\Installer\3c55cb8.msp
c:\windows\Installer\3c55cc9.msp
c:\windows\Installer\3c55cda.msp
c:\windows\Installer\45f027d.msp
c:\windows\Installer\546718f.msp
c:\windows\Installer\5c8747.msp
c:\windows\Installer\88c499.msp
c:\windows\Installer\88c4aa.msp
c:\windows\Installer\88c4bb.msp
c:\windows\Installer\8b2d9b2.msp
c:\windows\Installer\8b2d9c2.msp
c:\windows\Installer\95b7f0.msp
c:\windows\Installer\95b801.msp
c:\windows\Installer\95b812.msp
c:\windows\Installer\95b823.msp
c:\windows\Installer\95b834.msp
c:\windows\Installer\95b846.msp
c:\windows\Installer\95b858.msp
c:\windows\Installer\95b882.msp
c:\windows\Installer\95b883.msp
c:\windows\Installer\95b895.msp
c:\windows\Installer\95b8a6.msp
c:\windows\Installer\95b8b7.msp
c:\windows\Installer\95b8c8.msp
c:\windows\Installer\9a7c.msp
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\Malwarebytes
2009-10-13 23:03 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-13 23:03 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 16:08 . 2009-10-13 16:08 -------- d-----w- c:\program files\ERUNT
2009-10-13 04:36 . 2009-10-13 04:36 -------- d-----w- C:\VundoFix Backups
2009-10-07 17:56 . 2008-04-14 00:12 135680 ----a-w- c:\windows\system32\Copy of taskmgr.exe
2009-10-07 14:02 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 14:02 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 14:02 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 14:01 . 2009-10-07 14:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-07 14:01 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 14:01 . 2009-10-07 20:45 -------- d-----w- c:\program files\Spyware Doctor
2009-10-07 14:01 . 2009-10-07 14:01 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\PC Tools
2009-10-07 14:01 . 2009-10-07 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-07 14:01 . 2009-10-13 22:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-07 11:50 . 2009-10-07 11:50 -------- d-----w- c:\documents and settings\Rob Brebbia\Local Settings\Application Data\Scansoft
2009-10-02 21:23 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 02:23 . 2007-09-14 17:13 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\Wave Systems Corp
2009-10-16 03:54 . 2009-08-19 23:46 501264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-14 20:01 . 2008-11-28 18:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-11 23:30 . 2007-02-01 06:56 -------- d-----w- c:\program files\Google
2009-10-08 00:14 . 2007-02-16 13:01 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\U3
2009-10-06 18:34 . 2007-02-01 06:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 05:37 . 2004-08-11 23:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 03:45 . 2007-02-01 06:59 30032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 03:42 . 2009-09-05 03:41 65 ----a-w- c:\windows\system32\bd7840w.dat
2009-09-05 03:33 . 2009-09-05 03:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-05 03:33 . 2007-02-01 06:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-05 03:33 . 2009-09-05 03:33 -------- d-----w- c:\program files\ScanSoft
2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 22:50 . 2007-02-09 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-06 23:24 . 2004-08-11 23:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-11 23:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-11 23:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-11 23:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-11 23:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-11 23:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-04-15 15:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2004-08-11 23:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 08:19 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-11 23:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-30 23:10 . 2008-11-21 12:36 276352 ------w- c:\windows\system32\XceedSco.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-09 36864]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-01 185632]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-11-09 91136]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-1 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Linksys EasyLink Advisor.lnk - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-3-28 110592]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Schwab\\SSPro\\SSPro.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsAuxs.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsSvc.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2009 10:02 AM 206256]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [1/3/2009 3:27 PM 49152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [3/28/2008 7:49 PM 204800]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 4:55 PM 7882]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [1/3/2009 3:27 PM 32000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/7/2009 10:01 AM 348824]
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.wellsfargo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=ShNo-QwxVGgTVJQNUjcohI9O3C8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{76fc04d8-b5d2-42a0-b5b8-5d09107e2815} - hekeyapi.dll
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\NetWaiting.exe
SharedTaskScheduler-{666d260c-d41c-4295-a74c-cd1af70ffcb5} - c:\windows\system32\rewuguti.dll
SharedTaskScheduler-{0f4826cb-466d-4b0e-b8bc-79291fa548e9} - c:\windows\system32\rewuguti.dll
SharedTaskScheduler-{45e156b1-b72b-4e71-b6a8-146e6a904017} - c:\windows\system32\rewuguti.dll
SharedTaskScheduler-{5dfe4b34-2065-4c79-a512-29925b42c78a} - c:\windows\system32\rewuguti.dll
SharedTaskScheduler-{015af6a9-9c44-43a3-9aba-3652ff98e756} - c:\windows\system32\sizobigo.dll
SharedTaskScheduler-{fc2cd09f-c349-4b68-8bac-7a13640aab59} - c:\windows\system32\jubawiro.dll
SharedTaskScheduler-{890e65cb-2098-4c60-86a6-7317259a4ddd} - c:\windows\system32\rewuguti.dll
SharedTaskScheduler-{04986351-0e1c-40e6-a441-0f90203ab917} - c:\windows\system32\bihomimo.dll
SharedTaskScheduler-{ea0ae34a-6cf6-4c9f-b6b7-781dc252bd70} - c:\windows\system32\bihomimo.dll
SSODL-pukoreloh-{666d260c-d41c-4295-a74c-cd1af70ffcb5} - c:\windows\system32\rewuguti.dll
SSODL-womigunuz-{0f4826cb-466d-4b0e-b8bc-79291fa548e9} - c:\windows\system32\rewuguti.dll
SSODL-suvovawim-{45e156b1-b72b-4e71-b6a8-146e6a904017} - c:\windows\system32\rewuguti.dll
SSODL-tijekodug-{5dfe4b34-2065-4c79-a512-29925b42c78a} - c:\windows\system32\rewuguti.dll
SSODL-muhozipan-{015af6a9-9c44-43a3-9aba-3652ff98e756} - c:\windows\system32\sizobigo.dll
SSODL-pijefigar-{fc2cd09f-c349-4b68-8bac-7a13640aab59} - c:\windows\system32\jubawiro.dll
SSODL-hamejoguw-{890e65cb-2098-4c60-86a6-7317259a4ddd} - c:\windows\system32\rewuguti.dll
SSODL-kiwejogop-{04986351-0e1c-40e6-a441-0f90203ab917} - c:\windows\system32\bihomimo.dll
SSODL-wowikoper-{ea0ae34a-6cf6-4c9f-b6b7-781dc252bd70} - c:\windows\system32\bihomimo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 22:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\pn7.tmp 704896 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(1648)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\scardsvr.exe
c:\windows\system32\LEXPPS.EXE
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-10-17 22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 02:28

Pre-Run: 54,228,574,208 bytes free
Post-Run: 54,404,513,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

325 --- E O F --- 2009-10-16 14:46
  • 0

#6
CatByte
Posted 16 October 2009 - 10:29 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.geekstogo.com/forum/Security-Tool-Vundo-andothers-almost-gone-need-help-finishin-t255482.html&view=findpost&p=1662723#entry1662723

Collect::
c:\windows\TEMP\pn7.tmp

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • ComboFix log
  • MBAM Log
  • Kaspersky report

  • 0

#7
RobBB
Posted 17 October 2009 - 03:51 PM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here are the requested logs:

ComboFix 09-10-16.08 - Rob Brebbia 10/17/2009 13:26.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.336 [GMT -4:00]
Running from: c:\documents and settings\Rob Brebbia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob Brebbia\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\Malwarebytes
2009-10-13 23:03 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 23:03 . 2009-10-13 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-13 23:03 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 16:08 . 2009-10-13 16:08 -------- d-----w- c:\program files\ERUNT
2009-10-13 04:36 . 2009-10-13 04:36 -------- d-----w- C:\VundoFix Backups
2009-10-07 17:56 . 2008-04-14 00:12 135680 ----a-w- c:\windows\system32\Copy of taskmgr.exe
2009-10-07 14:02 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 14:02 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 14:02 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 14:01 . 2009-10-07 14:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-07 14:01 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 14:01 . 2009-10-07 20:45 -------- d-----w- c:\program files\Spyware Doctor
2009-10-07 14:01 . 2009-10-07 14:01 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\PC Tools
2009-10-07 14:01 . 2009-10-07 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-07 14:01 . 2009-10-17 16:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-07 11:50 . 2009-10-07 11:50 -------- d-----w- c:\documents and settings\Rob Brebbia\Local Settings\Application Data\Scansoft
2009-10-02 21:23 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 07:28 . 2009-08-19 23:46 501344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-17 07:27 . 2007-09-14 17:13 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\Wave Systems Corp
2009-10-14 20:01 . 2008-11-28 18:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-11 23:30 . 2007-02-01 06:56 -------- d-----w- c:\program files\Google
2009-10-08 00:14 . 2007-02-16 13:01 -------- d-----w- c:\documents and settings\Rob Brebbia\Application Data\U3
2009-10-06 18:34 . 2007-02-01 06:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 05:37 . 2004-08-11 23:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 03:45 . 2007-02-01 06:59 30032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 03:42 . 2009-09-05 03:41 65 ----a-w- c:\windows\system32\bd7840w.dat
2009-09-05 03:33 . 2009-09-05 03:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-05 03:33 . 2007-02-01 06:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-05 03:33 . 2009-09-05 03:33 -------- d-----w- c:\program files\ScanSoft
2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 22:50 . 2007-02-09 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-06 23:24 . 2004-08-11 23:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-11 23:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-11 23:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-11 23:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-11 23:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-11 23:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-04-15 15:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2004-08-11 23:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 08:19 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-11 23:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-30 23:10 . 2008-11-21 12:36 276352 ------w- c:\windows\system32\XceedSco.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-17_02.23.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 23:00 . 2009-10-17 13:36 72978 c:\windows\system32\perfc009.dat
- 2004-08-11 23:00 . 2009-10-16 12:27 72978 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2009-10-17 13:36 445938 c:\windows\system32\perfh009.dat
- 2004-08-11 23:00 . 2009-10-16 12:27 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-09 36864]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-01 185632]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-11-09 91136]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-1 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Linksys EasyLink Advisor.lnk - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-3-28 110592]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Schwab\\SSPro\\SSPro.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsAuxs.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsSvc.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/7/2009 10:02 AM 206256]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [1/3/2009 3:27 PM 49152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [3/28/2008 7:49 PM 204800]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 4:55 PM 7882]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [1/3/2009 3:27 PM 32000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/7/2009 10:01 AM 348824]
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.wellsfargo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=ShNo-QwxVGgTVJQNUjcohI9O3C8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(628)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-17 13:36
ComboFix-quarantined-files.txt 2009-10-17 17:36
ComboFix2.txt 2009-10-17 02:28

Pre-Run: 54,358,306,816 bytes free
Post-Run: 54,333,083,648 bytes free

200 --- E O F --- 2009-10-17 07:27

======================================================================================================


Malwarebytes' Anti-Malware 1.41
Database version: 2976
Windows 5.1.2600 Service Pack 3

10/17/2009 2:09:59 PM
mbam-log-2009-10-17 (14-09-59).txt

Scan type: Quick Scan
Objects scanned: 105454
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 17, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 17, 2009 20:05:26
Records in database: 3017759
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 113856
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:21:02

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0

#8
CatByte
Posted 17 October 2009 - 03:53 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Please post a fresh DDS and Attach.txt and advise how your computer is running now and if you have any outstanding issues.


Please download DDS from LINK 1 or LINK 2
and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Edited by CatByte, 17 October 2009 - 03:55 PM.

  • 0

#9
RobBB
Posted 17 October 2009 - 05:34 PM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logs you requested:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2007 8:22:39 PM
System Uptime: 10/17/2009 9:32:11 AM (9 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 50.538 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP847: 9/3/2009 12:55:16 PM - Software Distribution Service 3.0
RP848: 9/4/2009 11:15:03 PM - Printer Driver Nuance Image Printer Driver Installed
RP849: 9/4/2009 11:33:09 PM - Installed ScanSoft PaperPort 11
RP850: 9/4/2009 11:35:36 PM - Installed PaperPort Image Printer
RP851: 9/4/2009 11:35:56 PM - Printer Driver Nuance Image Printer Driver Installed
RP852: 9/4/2009 11:50:55 PM - Installed Brother MFL-Pro Suite
RP853: 9/5/2009 1:10:43 PM - System Checkpoint
RP854: 9/6/2009 1:11:46 PM - System Checkpoint
RP855: 9/7/2009 4:05:59 PM - Software Distribution Service 3.0
RP856: 9/9/2009 12:47:51 PM - Installed StreetSmart Pro
RP857: 9/10/2009 5:00:18 AM - Software Distribution Service 3.0
RP858: 9/10/2009 1:46:35 PM - Software Distribution Service 3.0
RP859: 9/11/2009 3:16:23 PM - System Checkpoint
RP860: 9/12/2009 4:42:48 PM - System Checkpoint
RP861: 9/13/2009 5:10:10 PM - System Checkpoint
RP862: 9/14/2009 11:48:39 AM - Software Distribution Service 3.0
RP863: 9/15/2009 3:10:53 PM - System Checkpoint
RP864: 9/16/2009 3:16:29 PM - System Checkpoint
RP865: 9/17/2009 11:58:46 AM - Software Distribution Service 3.0
RP866: 9/20/2009 10:15:44 AM - System Checkpoint
RP867: 9/21/2009 3:00:52 PM - System Checkpoint
RP868: 9/22/2009 12:52:05 PM - Software Distribution Service 3.0
RP869: 9/24/2009 11:06:06 AM - Software Distribution Service 3.0
RP870: 9/26/2009 8:20:30 AM - System Checkpoint
RP871: 9/27/2009 11:07:09 AM - System Checkpoint
RP872: 9/28/2009 11:31:58 AM - System Checkpoint
RP873: 9/29/2009 9:07:39 AM - Software Distribution Service 3.0
RP874: 9/30/2009 9:54:53 AM - System Checkpoint
RP875: 10/1/2009 2:54:04 PM - System Checkpoint
RP876: 10/2/2009 5:23:42 PM - Software Distribution Service 3.0
RP877: 10/3/2009 6:47:44 PM - System Checkpoint
RP878: 10/4/2009 7:16:13 PM - System Checkpoint
RP879: 10/5/2009 9:50:10 AM - Software Distribution Service 3.0
RP880: 10/6/2009 2:34:37 PM - Removed Brother MFL-Pro Suite
RP881: 10/6/2009 7:29:23 PM - Windows Defender Checkpoint
RP882: 10/7/2009 8:41:22 PM - System Checkpoint
RP883: 10/8/2009 9:22:45 PM - System Checkpoint
RP884: 10/9/2009 9:28:53 PM - System Checkpoint
RP885: 10/11/2009 8:03:37 PM - System Checkpoint
RP886: 10/12/2009 9:08:24 PM - System Checkpoint
RP887: 10/13/2009 12:05:29 PM - Automatic Restore Point
RP888: 10/13/2009 10:06:52 PM - Software Distribution Service 3.0
RP889: 10/13/2009 10:09:31 PM - Software Distribution Service 3.0
RP890: 10/14/2009 1:24:45 AM - Software Distribution Service 3.0
RP891: 10/14/2009 1:32:33 AM - Software Distribution Service 3.0
RP892: 10/14/2009 1:41:53 AM - Software Distribution Service 3.0
RP893: 10/14/2009 6:56:33 AM - Software Distribution Service 3.0
RP894: 10/14/2009 7:02:09 AM - Software Distribution Service 3.0
RP895: 10/14/2009 11:20:53 AM - Configured StreetSmart Pro
RP896: 10/14/2009 2:55:44 PM - Software Distribution Service 3.0
RP897: 10/14/2009 6:31:24 PM - Software Distribution Service 3.0
RP898: 10/15/2009 6:56:49 AM - Software Distribution Service 3.0
RP899: 10/15/2009 7:10:22 AM - Software Distribution Service 3.0
RP900: 10/15/2009 7:14:33 AM - Software Distribution Service 3.0
RP901: 10/15/2009 7:16:41 AM - Software Distribution Service 3.0
RP902: 10/15/2009 2:13:49 PM - Software Distribution Service 3.0
RP903: 10/15/2009 3:47:20 PM - Software Distribution Service 3.0
RP904: 10/15/2009 11:53:35 PM - Software Distribution Service 3.0
RP905: 10/16/2009 10:46:15 AM - Software Distribution Service 3.0
RP906: 10/16/2009 10:51:17 AM - Software Distribution Service 3.0
RP907: 10/17/2009 3:00:17 AM - Software Distribution Service 3.0
RP908: 10/17/2009 3:27:41 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11
ALPS Touch Pad Driver
AnswerWorks 5.0 English Runtime
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D1300
D1300_Help
Dell Embassy Trust Suite by Wave Systems
Dell Photo Printer 720
Dell Support 3.2.1
Dell Wireless WLAN Card
DeviceManagementQFolder
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ERUNT 1.1j
eSupportQFolder
ETS Launch Pad
ETS Upgrade
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Solution Center 7.0
HP Update
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Linksys EasyLink Advisor
Live 6.0.1
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobilePre
Modem Helper
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
NTRU Hybrid TSS v2.0.25
PaperPort Image Printer
PowerDVD 5.7
Preboot Manager
Private Information Manager
Pure Networks Platform
QuickBooks Pro 2008
Quicken 2008
Quicken WillMaker Plus 2008
RealPlayer
Rhapsody Player Engine
Roblox for Rob Brebbia
ScanSoft PaperPort 11
SearchAssist
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Wizards
SolutionCenter
Spyware Doctor 6.1
Status
StreetSmart Pro
SupportSoft Assisted Service
Surveyor 1.0.74.182
Symantec AntiVirus Client
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
upekmsi
URL Assistant
Wave Infrastructure Installer
Wave Support Software
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip 12.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/16/2009 10:13:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/16/2009 10:13:57 PM, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
10/14/2009 6:29:05 PM, error: Dhcp [1002] - The IP address lease 10.95.50.156 for the Network Card with network address 001A922435E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/14/2009 2:53:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A922435E1 has been denied by the DHCP server 10.95.50.1 (The DHCP Server sent a DHCPNACK message).
10/13/2009 9:46:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/13/2009 5:36:30 PM, error: Dhcp [1002] - The IP address lease 192.168.5.108 for the Network Card with network address 001A922435E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/13/2009 12:52:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A922435E1 has been denied by the DHCP server 192.168.5.1 (The DHCP Server sent a DHCPNACK message).
10/13/2009 11:55:54 AM, error: Service Control Manager [7034] - The Messenger Sharing Folders USN Journal Reader service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:50 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/13/2009 11:55:49 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:47 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:47 AM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:47 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The MobilePre Installer service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:46 AM, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:45 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:45 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:45 AM, error: Service Control Manager [7034] - The DataSvr2 service terminated unexpectedly. It has done this 1 time(s).
10/13/2009 11:55:45 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/13/2009 10:13:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
10/10/2009 10:35:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/10/2009 10:05:50 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/10/2009 10:05:50 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================





DDS (Ver_09-10-13.01) - NTFSx86
Run by Rob Brebbia at 18:02:25.68 on Sat 10/17/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.581 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Rob Brebbia\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = https://www.wellsfargo.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=ShNo-QwxVGgTVJQNUjcohI9O3C8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255485598187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-7 206256]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\m-audio\mobilepre\install\MPInst.exe [2009-1-3 49152]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-3-28 204800]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2009-1-3 32000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-7 348824]

=============== Created Last 30 ================

2009-10-16 22:12 <DIR> a-dshr-- C:\cmdcons
2009-10-16 22:06 236,544 a------- c:\windows\PEV.exe
2009-10-16 22:06 161,792 a------- c:\windows\SWREG.exe
2009-10-16 22:06 98,816 a------- c:\windows\sed.exe
2009-10-13 19:03 <DIR> --d----- c:\docume~1\robbre~1\applic~1\Malwarebytes
2009-10-13 19:03 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 19:03 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-13 19:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-13 00:36 <DIR> --d----- C:\VundoFix Backups
2009-10-08 20:12 11,168 a---h--- c:\windows\system32\rogikewe
2009-10-08 12:25 <DIR> --d----- c:\windows\pss
2009-10-07 13:56 135,680 a------- c:\windows\system32\Copy of taskmgr.exe
2009-10-07 10:02 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 10:02 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 10:02 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 10:02 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-07 10:01 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 10:01 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-07 10:01 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-07 10:01 <DIR> --d----- c:\docume~1\robbre~1\applic~1\PC Tools
2009-10-07 10:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-02 17:23 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-25 01:37 667,136 -------- c:\windows\system32\wininet.dll
2009-09-25 01:37 667,136 -------- c:\windows\system32\dllcache\wininet.dll
2009-09-25 01:37 627,712 -------- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 01:37 3,070,976 -------- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 01:37 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 01:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-25 01:37 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 17:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 04:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 11:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,904 a------- c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-30 19:10 276,352 -------- c:\windows\system32\XceedSco.dll
2009-07-03 20:40 34 a------- c:\documents and settings\rob brebbia\jagex_runescape_preferences.dat

============= FINISH: 18:03:21.40 ===============


Everything seems to be well. Computer is running really well.

I see that I have one other issue, I still have my Config set to Selective Startup and the one item unchecked on the Startup tab (please see attached word doc with screen capture). Do I now check this and restart?

Attached File  Systemconfig.doc   68.5KB   4 downloads
  • 0

#10
CatByte
Posted 17 October 2009 - 08:28 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
yes, reboot, start normally,

that file is no longer on your system, so shouldn't be an issue

The logs are clean,


Just some housekeeping to do now:

Please do the following:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.2)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16)


NEXT


Delete the RootRepeal, DDS logs and attach.txt from your desktop


NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
  • 0

#11
RobBB
Posted 18 October 2009 - 11:04 AM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I cannot possibly express strongly enough how grateful I am for your assistance. My problem is solved.

I'm having a small issue with (maybe) windows installer. When I go to install the update (8.1.3) for Adobe Acrobat 8 Standard (I have 8.1.2), the installation fails a second after a windows installer window appears (I can download it, but not install it).

Also, there is one Microsoft update that fails on installation (dozens of others installed successfully when you had previously told me to update):

Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)


I can easily research these on my own so if you can't help with this off the top of your head, I'll know when I see this thread closed. (I see that others are having some problems with these same issues).

Thank you again for all you've done and especially your patience with me.
  • 0

#12
RobBB
Posted 18 October 2009 - 12:03 PM

RobBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Looks like the problems I just described are related to known (and widespread) issues. Microsoft offers steps to correct on it's website which I'll follow.


Thanks again, Cat. I'm good. (I'll be making a donation, small at this point with another one as soon as my wife finds work) :)
  • 0

#13
CatByte
Posted 18 October 2009 - 12:25 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Glad you have been able to find a possible solution.

If you still have issues, start a new thread in our Windows forum here and see if our expert tech's have a solution for you. Link back to this topic so they can see you are clean of malware.

Thanks for your kindness, ( my help is free, so thank-you)

stay safe :)

~CB
  • 0

#14
CatByte
Posted 20 October 2009 - 10:25 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP