Redirect, Ads, Antimalware Doctor

Microsoft Windows xp professional w/serv...
April 23, 2010 at 05:55:12
Specs: Windows XP
I had the malware/virus called "Antimalware Doctor." We have managed to remove it but there are still problems.
I cannot click a link in Yahoo or Google because I get taken to a completely random webpage. Sometimes when I open IE, a second window opens up to a random webpage.

Today my Trend Micro OfficeScan is displaying that it is finding viruses/malware and is quarantining them. When I click okay it goes away for a second and then starts back up, finding new threats every second. It is only finding one virus but listing it over and over and over: Mal_TIDIES-12. Infected File: C:\WINDOWS/system32/drivers/Kbdclass.sys

I've run Malwarebytes several times in regular operating mode as well as safe mode. It is no longer finding anything. I don't know what else to do.




#1
April 23, 2010 at 06:30:44
Check this guide: http://www.spywarevoid.com/remove-a...

Have you deleted all malicious files?



#2
April 23, 2010 at 08:05:48
It isn't locating anything else. All malicious files have been deleted.

I restarted and Trend Micro stopped with the alerts. Still having random webpages open constantly.



#3
April 23, 2010 at 09:30:32
Okay, I've run several different things that have been suggested to others on this board. I'm posting the results of each of them. I really appreciate any help I can get on this matter!

DDS (Ver_10-03-17.01) - NTFSx86
Run by kgeorge at 10:53:41.29 on Fri 04/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.231 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {0E7517F9-86C7-45C3-8D28-F732DB60DCE8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
c:\ProgramFiles\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramFiles\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
c:\ProgramFiles\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\ProgramFiles\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\AB673F.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Citrix\ICA Client\Wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\master\Local Settings\Temporary Internet Files\Content.IE5\VMEA09NU\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 192.168.*;10.*;172.*;160.*;<local>
uInternet Settings,ProxyServer = http=160.122.16.169:8080;https=160.122.16.169:8080
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OfficeScanNT Monitor] "c:\programfiles\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Exaktime SyncCenter] c:\program files\exaktime\timesummit\synccenter\SyncCenter.exe
StartupFolder: c:\docume~1\master\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\windows\installer\{b2ae44cb-2aab-4c08-a54b-d264bd604da8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://antivirus.wgyates.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {03A89EFD-E023-A100-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://antivirus.wgyates.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {65F31DBD-290F-44F8-9B18-47F5AE400A04} - hxxp://www.gould.edu.au/wildlifecams/RasWatch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: {2B4B3CE2-55F2-4999-A82A-95B8A3A2D077} = 160.122.16.21
TCP: {A168CDCD-D2C4-49B1-BC42-8C6F4BE2FB0E} = 160.122.16.13,160.122.16.60
Notify: igfxcui - igfxdev.dll
Hosts: 160.122.16.32 bid2winsvr.wgyates.com
Hosts: 160.122.1.6 mailserver.wgyates.com
Hosts: 160.122.16.3 mailserver2.wgyates.com
Hosts: 160.122.16.23 mailserver3.wgyates.com
Hosts: 160.122.16.56 mailserver4.wgyates.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\master\applic~1\mozilla\firefox\profiles\sqsk6ua2.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 MSSQL$EXAKTIME;SQL Server (EXAKTIME);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 TmFilter;Trend Micro Filter;c:\programfiles\trend micro\officescan client\tmxpflt.sys [2009-5-22 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiles\trend micro\officescan client\tmpreflt.sys [2009-5-22 36368]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiles\trend micro\officescan client\TmProxy.exe [2009-3-18 652552]

=============== Created Last 30 ================

2010-04-22 19:21:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Fugazo
2010-04-22 19:17:43 0 d-----w- c:\program files\bfgclient
2010-04-22 19:16:41 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2010-04-20 17:27:45 0 d-----w- c:\docume~1\master\applic~1\TeamViewer
2010-04-20 17:27:42 0 d-----w- c:\documents and settings\master\temp
2010-04-20 14:16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 14:15:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 14:15:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 21:10:52 0 d-----w- c:\docume~1\master\applic~1\Malwarebytes
2010-04-19 21:10:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-19 19:54:29 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-19 19:54:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-19 19:48:57 70656 --sha-r- c:\windows\system32\p2pgraphj.dll
2010-04-19 19:48:41 0 d-----w- c:\docume~1\master\applic~1\503D0BEDA2659B34FD1F431FF57240D1

==================== Find3M ====================

2010-04-23 14:28:15 24576 ----a-w- c:\windows\system32\drivers\Kbdclass.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-09-17 12:43:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091720090918\index.dat

============= FINISH: 10:55:28.41 ===============



#4
April 23, 2010 at 09:30:54

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/2/2006 10:49:25 AM
System Uptime: 4/23/2010 9:28:45 AM (1 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 39.865 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1C575581334FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\1C575581334FC000
Service: NIC1394

==== System Restore Points ===================

No restore point in system.

==== Hosts File Hijack ======================

Hosts: 160.122.16.32 bid2winsvr.wgyates.com
Hosts: 160.122.1.6 mailserver.wgyates.com
Hosts: 160.122.16.3 mailserver2.wgyates.com
Hosts: 160.122.16.23 mailserver3.wgyates.com
Hosts: 160.122.16.56 mailserver4.wgyates.com
Hosts: 160.122.16.54 mailserver5.wgyates.com
Hosts: 160.122.16.62 nocsvr3.wgyates.com
Hosts: 160.122.16.21 phifilesvr.wgyates.com
Hosts: 160.122.16.59 wgydc01.wgyates.com
Hosts: 160.122.1.20 nocsvr01

==== Installed Programs ======================

Adobe Acrobat 8 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Big Fish Games: Game Manager
Bonjour
Broadcom Gigabit Integrated Controller
Cisco Systems VPN Client 5.0.02.0090
Citrix Presentation Server Client
Citrix Program Neighborhood ( Citrix ICA Client )
Color Network ScanGear Ver.2.21
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
Dell Resource CD
Dell Wireless WLAN Card
Easy CD Creator 5 Basic
Exaktime TimeSummit
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet 6900 series
iLinc Client
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java(TM) SE Runtime Environment 6 Update 1
JobclockD Palm Conduit
Keynote Connector
Look@LAN 2.50 Build 29
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (EXAKTIME)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.2)
MSXML 6 Service Pack 2 (KB954459)
Network ScanGear Ver.2.21
OGA Notifier 2.0.0048.0
palmOne
Photosynth 2.0.1519.16
PowerDVD 5.7
QFolder
QuickTime
ScrewDrivers Client v3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Terminal Services Client
Trend Micro OfficeScan Client
UltraVNC v1.0
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows System Scanner
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/23/2010 7:22:33 AM, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x000006ba [The RPC server is unavailable. ].
4/23/2010 7:00:07 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/23/2010 6:59:12 AM, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x000006ba [The RPC server is unavailable. ].
4/23/2010 6:42:43 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\kbdclass.sys could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
4/23/2010 12:38:59 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 0.0.0.1, the version of the system file is 5.1.2600.5512.
4/23/2010 12:22:45 AM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\PHIDC01.wgyates.com for the domain WGYATES failed because the Domain Controller does not have an account for the computer 24740-1CZ7QC1.
4/23/2010 12:14:30 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
4/23/2010 1:30:20 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
4/22/2010 9:52:45 PM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\bildc01.wgyates.com for the domain WGYATES failed because the Domain Controller does not have an account for the computer 24740-1CZ7QC1.
4/22/2010 9:22:52 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
4/22/2010 9:22:28 AM, error: NETLOGON [5719] - No Domain Controller is available for domain WGYATES due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/22/2010 9:20:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/22/2010 8:50:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm OMCI tmtdi
4/22/2010 8:49:04 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/22/2010 8:49:04 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/22/2010 8:03:52 PM, information: Windows File Protection [64000] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 0.0.0.1.
4/22/2010 10:52:46 PM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\byrdc01.wgyates.com for the domain WGYATES failed because the Domain Controller does not have an account for the computer 24740-1CZ7QC1.
4/22/2010 10:22:45 PM, error: NETLOGON [5721] - The session setup to the Windows NT or Windows 2000 Domain Controller \\PHIDC02.wgyates.com for the domain WGYATES failed because the Domain Controller does not have an account for the computer 24740-1CZ7QC1.
4/20/2010 6:59:09 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/20/2010 12:20:27 PM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
4/20/2010 12:20:21 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================



#5
April 23, 2010 at 09:34:38
OTL Extras logfile created on: 4/23/2010 11:22:22 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\master\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 39.86 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 24740-1CZ7QC1
Current User Name: kgeorge
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:Port 5900
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"15254:TCP" = 15254:TCP:*:Enabled:Trend Micro OfficeScan Listener

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:Printing Application -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:UltraVNC Server -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:UltraVNC Viewer -- (UltraVNC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Look@LAN\LookAtLan.exe" = C:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN -- (Carlo Medas)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- File not found
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- File not found
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- File not found
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EXAKTIME)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8EDF23FC-A3FE-4E0F-8FBB-DEB0439D0A44}" = Color Network ScanGear Ver.2.21
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{B97762AA-8AE5-40CE-9AA3-ABC3764C19A4}" = Exaktime TimeSummit
"{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BFGC" = Big Fish Games: Game Manager
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Citrix Program Neighborhood ( Citrix ICA Client )" = Citrix Program Neighborhood ( Citrix ICA Client )
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8EDF23FC-A3FE-4E0F-8FBB-DEB0439D0A44}" = Color Network ScanGear Ver.2.21
"InstallShield_{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"Java Web Start" = Java Web Start
"JobclockD" = JobclockD Palm Conduit
"KeynoteConnector" = Keynote Connector
"Look@LAN_1.0" = Look@LAN 2.50 Build 29
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro OfficeScan Client
"PROPLUS" = Microsoft Office Professional Plus 2007
"ScrewDrivers Client v3" = ScrewDrivers Client v3
"Terminal Server Client" = Terminal Services Client
"uninstall.exe" = iLinc Client
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Windows System Scanner" = Windows System Scanner

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/23/2010 7:19:59 AM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (Access is denied.
). Group Policy processing aborted.

Error - 4/23/2010 9:07:17 AM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (Access is denied.
). Group Policy processing aborted.

Error - 4/23/2010 10:21:51 AM | Computer Name = 24740-1CZ7QC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007052b). Unable to update the password. The value provided
as the current password is incorrect. Enrollment will not be performed.

Error - 4/23/2010 10:29:32 AM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/23/2010 10:29:32 AM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/23/2010 10:29:32 AM | Computer Name = 24740-1CZ7QC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/23/2010 12:12:58 PM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (Access is denied.
). Group Policy processing aborted.

Error - 4/23/2010 12:15:39 PM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/23/2010 12:15:39 PM | Computer Name = 24740-1CZ7QC1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/23/2010 12:15:40 PM | Computer Name = 24740-1CZ7QC1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 10/27/2008 10:38:18 AM | Computer Name = 24740-1CZ7QC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2329
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 3/30/2009 7:18:41 AM | Computer Name = 24740-1CZ7QC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 376
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/30/2009 7:20:53 AM | Computer Name = 24740-1CZ7QC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 82
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/30/2009 7:22:14 AM | Computer Name = 24740-1CZ7QC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/21/2009 8:12:04 AM | Computer Name = 24740-1CZ7QC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4308
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/23/2010 5:52:46 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\PHIDC01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 7:07:46 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\bildc01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 8:00:07 AM | Computer Name = 24740-1CZ7QC1 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/23/2010 8:15:25 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\byrdc01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 8:45:25 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\PHIDC02.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 10:59:48 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\PHIDC01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 11:14:48 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\PHIDC02.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 11:16:47 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\bildc01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 11:59:35 AM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\byrdc01.wgyates.com for the domain WGYATES failed because the Domain Controller
does not have an account for the computer 24740-1CZ7QC1.

Error - 4/23/2010 12:14:14 PM | Computer Name = 24740-1CZ7QC1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain WGYATES due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >


#6
April 23, 2010 at 09:36:22
OTL logfile created on: 4/23/2010 11:22:22 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\master\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 39.86 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 24740-1CZ7QC1
Current User Name: kgeorge
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/04/23 11:21:32 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/18 19:32:58 | 000,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\QUFC1B.EXE
PRC - [2009/03/18 19:32:54 | 000,988,456 | ---- | M] (Trend Micro Inc.) -- c:\ProgramFiles\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2009/03/18 19:32:54 | 000,918,824 | ---- | M] (Trend Micro Inc.) -- c:\ProgramFiles\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2009/03/18 19:32:54 | 000,718,120 | ---- | M] (Trend Micro Inc.) -- C:\ProgramFiles\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2009/03/18 19:27:18 | 000,435,576 | ---- | M] (Trend Micro Inc.) -- c:\ProgramFiles\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/04/24 14:45:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/08 12:55:22 | 000,286,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\pnagent.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/06/24 21:56:16 | 000,843,776 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2002/12/17 12:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/04/23 11:21:32 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$EXAKTIME) SQL Server (EXAKTIME)
SRV - [2009/03/18 19:32:54 | 000,988,456 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2009/03/18 19:32:54 | 000,918,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2009/03/18 19:27:06 | 000,652,552 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/04/24 14:45:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2005/06/24 21:56:16 | 000,843,776 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (winvnc)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/04/23 11:20:02 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk7.tmp -- (atapi)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\ProgramFiles\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/05/07 02:04:50 | 000,157,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/03/18 19:32:46 | 000,076,304 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/04/28 13:58:10 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/05/16 18:14:58 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 18:47:36 | 000,989,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/04 13:04:57 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2006/08/04 13:04:57 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2006/08/04 13:04:57 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2006/08/04 13:04:57 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/17 12:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*;10.*;172.*;160.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=160.122.16.169:8080;https=160.122.16.169:8080

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 09:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 09:01:16 | 000,000,000 | ---D | M]

[2010/04/01 09:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Mozilla\Extensions
[2010/04/15 16:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Mozilla\Firefox\Profiles\sqsk6ua2.default\extensions
[2010/04/08 10:56:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\master\Application Data\Mozilla\Firefox\Profiles\sqsk6ua2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/01 09:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/08/22 09:08:59 | 000,001,092 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 160.122.16.32 bid2winsvr.wgyates.com
O1 - Hosts: 160.122.1.6 mailserver.wgyates.com
O1 - Hosts: 160.122.16.3 mailserver2.wgyates.com
O1 - Hosts: 160.122.16.23 mailserver3.wgyates.com
O1 - Hosts: 160.122.16.56 mailserver4.wgyates.com
O1 - Hosts: 160.122.16.54 mailserver5.wgyates.com
O1 - Hosts: 160.122.16.62 nocsvr3.wgyates.com
O1 - Hosts: 160.122.16.21 phifilesvr.wgyates.com
O1 - Hosts: 160.122.16.59 wgydc01.wgyates.com
O1 - Hosts: 160.122.1.20 nocsvr01
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Exaktime SyncCenter] C:\Program Files\Exaktime\TimeSummit\SyncCenter\SyncCenter.exe (Exaktime, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\ProgramFiles\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk = C:\WINDOWS\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\master\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://antivirus.wgyates.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {03A89EFD-E023-A100-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall101 Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downl... (Office Genuine Advantage Validation Tool)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://antivirus.wgyates.com:4343/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/app... (Keynote Connector Launcher 2)
O16 - DPF: {65F31DBD-290F-44F8-9B18-47F5AE400A04} http://www.gould.edu.au/wildlifecam... (RAS_Watch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge... (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewo... (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin... (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/... (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcapl... (PopCapLoader Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgyates.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\master\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\master\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/02 10:46:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{59a793a0-7063-11dc-b3d9-001c230ee373}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{bd219329-c8f7-11dc-a730-001c230ee373}\Shell - "" = AutoRun
O33 - MountPoints2\{bd219329-c8f7-11dc-a730-001c230ee373}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd219329-c8f7-11dc-a730-001c230ee373}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c850dfe5-0653-11dd-a773-001c230ee373}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/04/23 11:21:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe
[2010/04/23 11:20:02 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/04/22 14:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/04/22 14:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/22 14:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/04/20 12:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Application Data\TeamViewer
[2010/04/20 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\temp
[2010/04/20 09:16:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 09:15:58 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 09:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 09:14:59 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\master\Desktop\mbam-setup-1.45.exe
[2010/04/19 16:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Application Data\Malwarebytes
[2010/04/19 16:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/19 14:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/19 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/19 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Application Data\503D0BEDA2659B34FD1F431FF57240D1
[2010/04/01 09:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Local Settings\Application Data\Mozilla
[2010/04/01 09:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Application Data\Mozilla
[2010/04/01 09:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\master\Desktop\TDSSKiller.exe
[2010/03/18 10:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\My Documents\EEO
[2010/02/24 11:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\master\Application Data\Office Genuine Advantage
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/24 07:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/24 07:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/24 07:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/24 07:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/24 07:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/24 07:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

#7
April 23, 2010 at 09:36:49
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/04/23 11:21:32 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe
[2010/04/23 11:21:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/23 11:20:02 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/04/23 11:19:55 | 000,582,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 11:19:55 | 000,484,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 11:19:55 | 000,087,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 11:17:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 11:15:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/23 11:15:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/23 11:15:39 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\Jxdcpqilev.job
[2010/04/23 11:15:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 11:15:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/23 11:15:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/04/23 11:15:31 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
[2010/04/23 11:15:31 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/23 11:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 11:14:36 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\master\NTUSER.DAT
[2010/04/23 11:14:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\master\ntuser.ini
[2010/04/23 11:12:27 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\master\Desktop\TDSSKiller.exe
[2010/04/23 10:01:17 | 000,014,284 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR2.pnagent
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR1.pnagent
[2010/04/23 09:52:36 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Invoice Router.pnagent
[2010/04/23 09:52:35 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\master\Desktop\CDM.pnagent
[2010/04/23 09:52:35 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\master\Desktop\AX.pnagent
[2010/04/23 09:30:16 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\master\Desktop\VPN Client.lnk
[2010/04/23 09:27:39 | 002,111,000 | -H-- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\IconCache.db
[2010/04/21 07:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 09:16:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 09:14:59 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\master\Desktop\mbam-setup-1.45.exe
[2010/04/20 07:19:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\housecall.guid.cache
[2010/04/19 14:54:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 14:48:57 | 000,070,656 | RHS- | M] () -- C:\WINDOWS\System32\p2pgraphj.dll
[2010/04/19 10:05:54 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\master\My Documents\Transmittal of Payroll Time Cards.xls
[2010/04/19 08:06:26 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TimeSummit.lnk
[2010/04/15 07:26:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 17:05:29 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 06:56:40 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\master\Start Menu\Programs\Startup\palmOne Registration.lnk
[2010/04/01 15:09:45 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/01 09:01:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/01 09:01:20 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 09:05:38 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\master\My Documents\TRUCK2010.xls
[2010/03/17 15:33:02 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\master\My Documents\EXPENSE REPORT FORM.xls
[2010/03/08 08:21:14 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\master\Desktop\PriceList.xlr
[2010/02/25 07:57:12 | 002,005,131 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/02/23 11:57:06 | 000,021,929 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Sign In Sheet.xlsx
[2010/02/18 15:15:17 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Microsoft Office Outlook 2007.lnk
[2010/02/09 16:59:44 | 000,025,374 | ---- | M] () -- C:\Documents and Settings\master\My Documents\Graph Paper1.xlsx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/04/20 09:16:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 07:10:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\master\Local Settings\Application Data\housecall.guid.cache
[2010/04/19 14:54:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 14:54:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 14:48:58 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\Jxdcpqilev.job
[2010/04/19 14:48:57 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\p2pgraphj.dll
[2010/04/15 07:26:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/01 09:01:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/01 09:01:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/29 08:44:49 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\master\My Documents\TRUCK2010.xls
[2010/03/08 08:21:11 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\master\Desktop\PriceList.xlr
[2010/02/23 11:57:05 | 000,021,929 | ---- | C] () -- C:\Documents and Settings\master\Desktop\Sign In Sheet.xlsx
[2010/02/09 16:59:44 | 000,025,374 | ---- | C] () -- C:\Documents and Settings\master\My Documents\Graph Paper1.xlsx
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/22 08:42:20 | 000,014,284 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/06/04 12:36:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/07 15:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/04/28 16:06:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/10/26 14:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 14:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/08/17 15:47:02 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/08/17 15:47:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2006/08/03 15:04:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 17:41:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2006/08/02 17:32:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\WFCMGR.INI
[2006/08/02 12:47:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/02 12:47:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010/04/19 08:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exaktime
[2010/04/22 14:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/04/28 13:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/05/01 10:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2009/03/12 06:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/22 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/20 10:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\503D0BEDA2659B34FD1F431FF57240D1
[2007/04/24 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Citrix
[2008/04/28 15:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Exaktime
[2008/04/28 13:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\HotSync
[2007/05/01 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\IBMERS
[2007/10/01 16:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\ICAClient
[2009/03/31 06:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Keynote Systems
[2008/04/28 14:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Leadertech
[2010/04/20 12:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\TeamViewer
[2009/06/04 07:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Total Eclipse
[2008/04/28 15:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Weather
[2010/04/23 11:15:39 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\Tasks\Jxdcpqilev.job

========== Purity Check ==========



========== Custom Scans ==========


< :Commands >

< [resethosts] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE07D0EE
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
< End of report >
[2010/04/23 11:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Desktop
[2010/04/23 11:22:54 | 000,036,864 | -H-- | M] () -- C:\Documents and Settings\master\ntuser.dat.LOG
[2010/04/23 11:21:32 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe
[2010/04/23 11:21:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\master\Cookies
[2010/04/23 11:21:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/23 11:20:02 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/04/23 11:19:55 | 000,582,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 11:19:55 | 000,484,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 11:19:55 | 000,087,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 11:19:33 | 000,000,000 | R--D | M] -- C:\Documents and Settings\master\Favorites
[2010/04/23 11:17:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 11:15:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/23 11:15:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/23 11:15:39 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\Jxdcpqilev.job
[2010/04/23 11:15:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 11:15:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/23 11:15:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/04/23 11:15:31 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
[2010/04/23 11:15:31 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/23 11:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 11:14:36 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\master\NTUSER.DAT
[2010/04/23 11:14:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\master\ntuser.ini
[2010/04/23 11:12:27 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\master\Desktop\TDSSKiller.exe
[2010/04/23 10:59:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\master\Recent
[2010/04/23 10:01:17 | 000,014,284 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR2.pnagent
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR1.pnagent
[2010/04/23 09:52:36 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Invoice Router.pnagent
[2010/04/23 09:52:35 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\master\Desktop\CDM.pnagent
[2010/04/23 09:52:35 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\master\Desktop\AX.pnagent
[2010/04/23 09:30:16 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\master\Desktop\VPN Client.lnk
[2010/04/23 09:27:39 | 002,111,000 | -H-- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\IconCache.db
[2010/04/23 06:59:01 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/04/22 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/04/22 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/22 14:21:46 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/04/22 14:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/04/22 14:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/04/22 14:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2010/04/22 10:17:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\master\Start Menu
[2010/04/22 10:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/04/21 07:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 12:27:45 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\master\Application Data
[2010/04/20 12:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\TeamViewer
[2010/04/20 12:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\temp
[2010/04/20 10:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\503D0BEDA2659B34FD1F431FF57240D1
[2010/04/20 09:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 09:16:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 09:14:59 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\master\Desktop\mbam-setup-1.45.exe
[2010/04/20 07:19:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\housecall.guid.cache
[2010/04/19 16:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Malwarebytes
[2010/04/19 16:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/19 15:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/19 14:54:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 14:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/19 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/19 14:48:57 | 000,070,656 | RHS- | M] () -- C:\WINDOWS\System32\p2pgraphj.dll
[2010/04/19 10:05:54 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\master\My Documents\Transmittal of Payroll Time Cards.xls
[2010/04/19 10:05:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\master\My Documents
[2010/04/19 08:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exaktime
[2010/04/19 08:06:26 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TimeSummit.lnk
[2010/04/15 16:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/15 07:26:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/15 07:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/15 07:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Local Settings\Application Data\Temp
[2010/04/14 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/14 17:05:29 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 06:56:40 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\master\Start Menu\Programs\Startup\palmOne Registration.lnk
[2010/04/01 15:09:45 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/01 09:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Mozilla
[2010/04/01 09:01:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/01 09:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Local Settings\Application Data\Mozilla
[2010/04/01 09:01:20 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/31 17:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 09:05:38 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\master\My Documents\TRUCK2010.xls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/23 11:21:32 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\master\Desktop\OTL.exe
[2010/04/23 11:21:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/23 11:20:02 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/04/23 11:19:55 | 000,582,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 11:19:55 | 000,484,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 11:19:55 | 000,087,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 11:17:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 11:15:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/23 11:15:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/23 11:15:39 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\Jxdcpqilev.job
[2010/04/23 11:15:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 11:15:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/23 11:15:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/04/23 11:15:31 | 000,002,403 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
[2010/04/23 11:15:31 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/23 11:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 11:14:36 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\master\NTUSER.DAT
[2010/04/23 11:14:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\master\ntuser.ini
[2010/04/23 11:12:27 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\master\Desktop\TDSSKiller.exe
[2010/04/23 10:01:17 | 000,014,284 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR2.pnagent
[2010/04/23 09:52:36 | 000,002,631 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Viewpoint V6-SVR1.pnagent
[2010/04/23 09:52:36 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\master\Desktop\Invoice Router.pnagent
[2010/04/23 09:52:35 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\master\Desktop\CDM.pnagent
[2010/04/23 09:52:35 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\master\Desktop\AX.pnagent
[2010/04/23 09:30:16 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\master\Desktop\VPN Client.lnk
[2010/04/23 09:27:39 | 002,111,000 | -H-- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\IconCache.db
[2010/04/23 06:59:01 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/04/21 07:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 09:16:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 09:14:59 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\master\Desktop\mbam-setup-1.45.exe
[2010/04/20 07:19:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\master\Local Settings\Application Data\housecall.guid.cache
[2010/04/19 14:54:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 14:48:57 | 000,070,656 | RHS- | M] () -- C:\WINDOWS\System32\p2pgraphj.dll
[2010/04/19 10:05:54 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\master\My Documents\Transmittal of Payroll Time Cards.xls
[2010/04/19 08:06:26 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TimeSummit.lnk
[2010/04/15 07:26:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 17:05:29 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 06:56:40 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\master\Start Menu\Programs\Startup\palmOne Registration.lnk
[2010/04/01 15:09:45 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/01 09:01:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/01 09:01:20 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 09:05:38 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\master\My Documents\TRUCK2010.xls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

< End of report >



#8
May 4, 2010 at 14:21:40
kimeydiann, can you post an update on this? Has this been completely removed, or are you still seeing random webpages opening constantly? Please let me know what the solution was. My wife's XP machine is corrupted by this one today. Although Malware Bytes software has removed all the apparent infected files, she doesn't have a good control on many of her apps yet and she is so frustrated. Any help will be greatly appreciated. Thanks!


#9
May 6, 2010 at 06:17:07
Looks like a self-inflicted post LOL

Some HELP in posting on Computing.net plus free progs and instructions Cheers

