
Malwarebytes installed but does not start



Hello,

I have had Malwarebytes installed on my laptop for quite a few days now. Today I visited some websites which resulted in some viruses infecting my laptop. Malwarebytes will not launch, and the virus seems to have disabled my McAfee anti-virus software as well. Something called Total XP Security has begun running. I tried to change the name of MBAM.exe to some random characters, but it still does not start.

When I open Task Manager, I see all sorts of weird exes running which, even when I kill them, reappear. Examples are ave.exe, smss.exe, crss.exe, etc.

I have bought the Malwarebytes' Anti-Malware Consumer License as well (bought it on Feb 2, 2010).

Please help!

Here are the contents of DDS.txt, and I am attaching the ARK.TXT and ATTACH.TXT files as a zipped folder as well.

==============================================

DDS (Ver_10-03-17.01) - NTFSx86

Run by D111214 at 22:35:10.45 on Fri 03/26/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3063.2462 [GMT -7:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCservice.exe

svchost.exe

svchost.exe

C:\WINNT\system32\spoolsv.exe

svchost.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\progra~1\merlin\merlin.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\WINNT\system32\Prot_srv.exe

C:\WINNT\system32\svchost.exe -k imgsvc

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Merlin\MWIStats.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINNT\system32\igfxsrvc.exe

C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCgui.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINNT\System32\svchost.exe -k netsvcs

C:\WINNT\system32\enstart.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Documents and Settings\d111214\Local Settings\Application Data\ave.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\d111214\Desktop\Defogger.exe

C:\Documents and Settings\d111214\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://kpnet.kp.org

uInternet Settings,ProxyOverride = <local>;*.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\winnt\system32\dla\tfswshx.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\d111214\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe

mRun: [Persistence] c:\winnt\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [MWIStats] "c:\program files\merlin\MWIStats.exe"

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [CiscoCSSCgui] "c:\program files\cisco\cisco secure services client\Cisco_SSCgui.exe"

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\winnt\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico

uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)

uPolicies-explorer: NoWindowsUpdate = 1 (0x1)

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

uPolicies-explorer: DisallowCpl = 1 (0x1)

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-disallowrun: ""1 = freecell.exe

uPolicies-disallowrun: ""2 = winmine.exe

uPolicies-disallowrun: ""3 = pinball.exe

uPolicies-disallowrun: ""4 = sol.exe

mPolicies-explorer: NoWindowsUpdate = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: kp.org\*.appl

Trusted Zone: kp.org\*.moss

Trusted Zone: kp.org\cnbcapphosting.ca

Trusted Zone: kp.org\cnprodapphosting.appl

Trusted Zone: kp.org\cobcapphosting.co

Trusted Zone: kp.org\coprodapphosting.appl

Trusted Zone: kp.org\csbcapphosting.ca

Trusted Zone: kp.org\csprodapphosting.appl

Trusted Zone: kp.org\gabcapphosting.ga

Trusted Zone: kp.org\gaprodapphosting.appl

Trusted Zone: kp.org\hibcapphosting.hi

Trusted Zone: kp.org\hiprodapphosting.appl

Trusted Zone: kp.org\mabcapphosting.md

Trusted Zone: kp.org\maprodapphosting.appl

Trusted Zone: kp.org\metaframe

Trusted Zone: kp.org\metaframeeast

Trusted Zone: kp.org\metaframewest

Trusted Zone: kp.org\nwbcapphosting.or

Trusted Zone: kp.org\nwprodapphosting.appl

Trusted Zone: kp.org\ohbcapphosting.oh

Trusted Zone: kp.org\ohprodapphosting.appl

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: Sametime Meeting Room Client ST25PF1 - hxxp://crdc-st01.kp.org/sametime/stmeetingroomclient/STMeetingRoomClient.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://cn067apps036:8080/qcbin/capicom.dll

DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} - hxxp://10.233.49.167/iSite3_3.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} - hxxp://crdc-st01.kp.org/sametime/stmeetingroomclient/STJNILoader.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.cric7.com/vjocx-en-black.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Notify: csscsso - csscsso.dll

Notify: igfxcui - igfxdev.dll

Notify: KPLogOn - KPLogOn.dll

AppInit_DLLs: fuveroge.dll

LSA: Authentication Packages = msv1_0 TivoliAP

mASetup: {0AF4C301-9A12-4452-BC65-8731488C711E} - msiexec /fu {0AF4C301-9A12-4452-BC65-8731488C711E}

mASetup: {0D167CC5-D945-4993-A7B4-D2C2E480B07E} - c:\program files\kphc downtime\PinShortcut.vbs /s

mASetup: {1887F5EF-077F-4A15-BCD4-DEBC060CF729} - msiexec /fu {1887F5EF-077F-4A15-BCD4-DEBC060CF729}

mASetup: {4490609F-D56B-43D3-8A34-A6D9B0E901CF} - c:\program files\rap 2.0\PinShortcut.vbs /s

mASetup: {90520409-6000-11D3-8CFE-0150048383C9} - msiexec /fup {90520409-6000-11D3-8CFE-0150048383C9}

mASetup: {AEB7C78C-735A-4350-93F1-56494ECDBBE1-DEL_MP10_USER_SHORTCUT} - MP10HKCU.EXE

mASetup: {B922E7CA-A873-4F92-85AA-042CB763F7AB} - c:\program files\kphc downtime\PinShortcut.vbs /s

mASetup: {C374B00E-07C9-474F-8BD4-EB6066DF9F99} - msiexec /fu {C374B00E-07C9-474F-8BD4-EB6066DF9F99}

mASetup: {DE581F3B-BE3D-4A3D-91A8-7D3B025501CB} - msiexec /fup {4490609F-D56B-43D3-8A34-A6D9B0E901CF} /qn

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d111214\applic~1\mozilla\firefox\profiles\8s2dsjt4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\d111214\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\d111214\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 prot_2k;prot_2k;c:\winnt\system32\drivers\prot_2k.sys [2008-2-12 220096]

R1 enstart_;enstart_;c:\winnt\system32\enstart_.sys [2007-6-20 31744]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]

R2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\cisco\cisco secure services client\Cisco_SSCservice.exe [2008-5-9 1232896]

R2 CITMDRV;CITMDRV;c:\winnt\system32\drivers\CITMDRV.SYS [2009-11-23 10752]

R2 enstart;enstart;c:\winnt\system32\enstart.exe [2007-6-20 491520]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-2 236368]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-1-27 144704]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-1-27 54608]

R2 Merlin;Merlin;c:\progra~1\merlin\merlin.exe [2008-3-12 110592]

R2 Pointsec;Pointsec;c:\winnt\system32\Prot_srv.exe [2008-2-12 367168]

R3 CiscoSSD;Cisco Secure Services Miniport Driver;c:\winnt\system32\drivers\css_drv.sys [2010-1-18 42240]

R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2008-3-12 41216]

R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [2010-2-2 19160]

R3 mfeavfk;McAfee Inc.;c:\winnt\system32\drivers\mfeavfk.sys [2008-3-12 73512]

R3 mfebopk;McAfee Inc.;c:\winnt\system32\drivers\mfebopk.sys [2008-3-12 34408]

R3 mfehidk;McAfee Inc.;c:\winnt\system32\drivers\mfehidk.sys [2008-3-12 177864]

R3 rismc32;RICOH Smart Card Reader;c:\winnt\system32\drivers\rismc32.sys [2009-11-13 47616]

S2 lcfd;Tivoli Endpoint;c:\winnt\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2008-3-12 139264]

S2 Pointsec_start;Pointsec Service Start;c:\winnt\system32\pstartSr.exe [2008-2-12 145984]

S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\ora81\bin\ONRSD.EXE [2000-10-19 411244]

S4 radexecd;Radia Notify Daemon;c:\program files\novadigm\radexecd.exe [2002-12-2 196608]

S4 radsched;Radia Scheduler Daemon;c:\program files\novadigm\radsched.exe [2002-9-30 200704]

S4 Radstgms;Radia MSI Redirector;c:\program files\novadigm\Radstgms.exe [2003-3-27 303104]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-03-27 05:34:06 0 ----a-w- c:\documents and settings\d111214\defogger_reenable

2010-03-13 12:54:18 0 d--h--w- C:\VJVod_Cache

2010-03-12 16:03:11 0 d-----w- c:\winnt\system32\nagasoft

2010-03-06 00:39:40 0 d-----w- c:\program files\common files\xing shared

2010-03-06 00:29:04 129784 ----a-w- c:\winnt\system32\pxafs.dll

2010-03-06 00:28:14 0 d-----w- c:\program files\common files\DivX Shared

2010-03-06 00:28:09 0 d-----w- c:\program files\DivX

2010-03-02 20:05:27 0 d-----w- c:\winnt\system32\appmgmt

==================== Find3M ====================

2010-01-19 07:19:12 411368 ----a-w- c:\winnt\system32\deploytk.dll

2010-01-18 19:00:08 356352 ----a-w- c:\winnt\system32\AegisI5Installer.exe

2009-12-27 07:35:50 34032 ---ha-w- c:\winnt\system32\mlfcache.dat

2009-11-13 19:19:08 796 ----a-w- c:\program files\INSTALL.LOG

2004-12-21 01:10:48 151552 ----a-w- c:\program files\UNWISE.EXE

2004-08-04 08:56:58 73728 --sha-w- c:\winnt\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 22:35:40.34 ===============

Attach.zip

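An added example (editor's code, not part of the original thread and not from the DDS or Malwarebytes tools): a small triage script over DDS output of the kind posted above. It pulls out the four things in this log a responder reads first: an executable running from the user's Local Settings\Application Data (ave.exe), the ".exe=secfile" file association (every .exe launch now passes through that handler, which is why renaming mbam.exe did not help), a non-empty AppInit_DLLs value, and the restrictive Explorer policies. The policies are marked "review" rather than "high" on purpose: on a centrally managed build like this one (BigFix, Tivoli and Radia agents all appear in the log) DisallowRun and NoWindowsUpdate can be set by real Group Policy. The sample input is constructed from a few lines of the log above plus benign entries; the severity labels, the Finding type and the directory patterns are my own assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str    # "high": act on it; "review": confirm against the build's baseline
    indicator: str
    line: str


# Constructed sample: lines copied from the DDS log in the post above plus a few
# benign ones, so the triage runs offline. Real use: triage_dds(open("DDS.txt").read())
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Documents and Settings\d111214\Local Settings\Application Data\ave.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
AppInit_DLLs: fuveroge.dll
============== File Associations ===============
.exe=secfile
=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# An .exe launched from a user-profile data/temp directory: where droppers land.
USER_DIR_EXE_RE = re.compile(
    r"\\(?:local settings\\)?(?:application data|temp|temporary internet files)\\[^\\]+\.exe$",
    re.IGNORECASE,
)
POLICY_RE = re.compile(r"^[um]Policies-explorer:\s*(\w+)\s*=\s*(\d+)")
# Explorer policies rogues set to lock the user out of repair tools. Also set by
# real Group Policy on managed builds, hence "review" rather than "high".
LOCKOUT_POLICIES = {"DisallowRun", "DisallowCpl", "NoWindowsUpdate", "NoDevMgrUpdate"}


def triage_dds(text: str) -> List[Finding]:
    """Walk a DDS log section by section and return the indicators worth acting on."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            if USER_DIR_EXE_RE.search(line):
                findings.append(Finding("high", "executable running from a user-writable profile directory", line))
        elif section == "pseudo hjt report":
            if line.lower().startswith("appinit_dlls:") and line.split(":", 1)[1].strip():
                findings.append(Finding("high", "AppInit_DLLs set: this DLL is loaded into every process that loads user32.dll", line))
            policy = POLICY_RE.match(line)
            if policy and policy.group(1) in LOCKOUT_POLICIES and policy.group(2) != "0":
                findings.append(Finding("review", "Explorer lockout policy (malware-set on home PCs, may be legitimate on managed builds)", line))
        elif section == "file associations":
            ext, sep, handler = line.partition("=")
            if sep and ext.lower() == ".exe" and handler.strip().lower() != "exefile":
                findings.append(Finding("high", ".exe association hijacked: every program launch, renamed or not, goes through this handler", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.indicator}\n         {f.line}")
```

Run it against the sample and the three "high" findings are ave.exe, the AppInit DLL and the .exe association; the two lockout policies come out as "review". The same script run on a clean machine's DDS log should return nothing, which is a cheap way to see whether a build's baseline policies would trip it before using it on a real case.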

Hello bhavanis

Welcome to Malwarebytes.

=====================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi!

I had to get some work done immediately and my system had totally gotten hung up. So I did a little search using another computer on the net and found instructions about deleting some of the entries in the HKEY registries on my system. It was a risk but I couldn't wait. Luckily for me, it seems to have worked, because the ave.exe and Windows XP Protector and all other problems vanished after that. I am able to use my system without any problem now. Thank you for the response, much appreciated.

Malwarebytes has been running after that too. Prior to this problem, it used to find Windows.Tool.Disabled every day. Even if I got Malwarebytes to remove this, it would reappear the next day.

Now I am back in this same situation. Malwarebytes finds this problem every day, and I get it to remove it and find it present the next day again when Malwarebytes starts its scan. Could you help with that please?

I am attaching the log from today's run. Thanks!

mbam_log_2010_03_30__09_08_17_.txt


Sure I can help with it.

Please go to Start > Run and type in Notepad.

Copy what is in the code box below into the open Notepad window.

Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.

@Echo off

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT"
start notepad look.txt

Then please double click on fixthis.bat. A window will open and close quickly. This is normal.

Please post the contents of the Notepad document that opens.


Hi! Thanks for the quick reply.

Here's the output from the run of the bat file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]

"ServerThread"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableConfig"=dword:00000001

"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]


You are welcome :rolleyes:

Please open up Notepad and copy all of the items in the code box below.

Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=-
"DisableSR"=-

Now double-click fixthis.reg.

A window will come up asking if you want to let it merge with the registry.

Click yes.

Reboot for the changes to take place and run fixthis.bat once more and post the output of that log after rebooting.


Hi!

Here's the output after I ran the .reg file, and rebooted and ran the .bat file. I did take care to delete the previous look.txt file before doing all this.

The output looks the same!

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]

"ServerThread"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableConfig"=dword:00000001

"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]


Ok no worries we will get to the bottom of it in a minute.

Delete the first fixthis.reg that I had you create.

Then do the following:

Please open up Notepad and copy all of the items in the code box below.

Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

Now double-click fixthis.reg.

A window will come up asking if you want to let it merge with the registry.

Click yes.

Reboot for the changes to take place and run fixthis.bat once more and post the output of that log after rebooting.

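An added example (editor's code, not from the thread and not from Malwarebytes): the comparison the helper is doing by eye on the look.txt exports above, as a Python script. It parses the "Windows Registry Editor Version 5.00" format that the fixthis.bat export produces a few posts up (note that regedit /e writes UTF-16LE with a BOM, which load_reg_export handles), reads a fixthis.reg to see what it was meant to delete (values written "name"=- and keys written [-KEY]), and reports anything still present in an export taken after the merge and reboot. Run on the exports posted in this thread it reports DisableConfig and DisableSR for either fix, which is what the posts show. The sample data is the thread's own exports and fixes embedded inline; SR_KEY, the function names and the "clean" export are my own constructions. One caveat the thread does not settle: HKLM\SOFTWARE\Policies is the branch Group Policy writes to, and the logs show endpoint-management agents (BigFix, Tivoli, Radia) on this machine, so a value that comes back after every reboot can be a policy refresh rather than malware re-persisting. An "after" export that still lists the values is a reason to ask who set them, not proof that the .reg failed to merge.

```python
from typing import Dict, List, Tuple

RegTree = Dict[str, Dict[str, str]]   # {key path: {value name: raw data as exported}}

SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

# Constructed from the thread: the look.txt export posted after merging a fix and rebooting.
AFTER_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]
"ServerThread"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=dword:00000001
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"""

# The two fixthis.reg variants from the thread: delete the two values, or delete
# the whole key and recreate it empty.
FIX_REMOVE_VALUES = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=-
"DisableSR"=-
"""

FIX_DELETE_KEY = r"""
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"""

# Constructed: what the export should look like once a fix has really taken.
CLEAN_EXPORT = (AFTER_EXPORT
                .replace('"DisableConfig"=dword:00000001\n', "")
                .replace('"DisableSR"=dword:00000001\n', ""))


def load_reg_export(path: str) -> str:
    """regedit /e writes UTF-16LE with a BOM; 'regedit /e /a' and REGEDIT4 files are ANSI."""
    raw = open(path, "rb").read()
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_reg(text: str) -> RegTree:
    """Parse 'Windows Registry Editor Version 5.00' text into {key: {name: data}}.
    Multi-line hex(...) continuations are not joined; policy keys never need them."""
    tree: RegTree = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        name, sep, data = line.partition("=")
        if current is None or not sep:
            continue
        name = "@" if name == "@" else name.strip().strip('"')   # '@' is the default value
        tree[current][name] = data.strip()
    return tree


def planned_removals(fix_text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """What a .reg fix asks regedit to delete: keys written [-KEY] and values written "name"=-."""
    keys: List[str] = []
    values: List[Tuple[str, str]] = []
    current = None
    for raw in fix_text.splitlines():
        line = raw.strip()
        if line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and line.endswith("=-"):
            values.append((current, line[:-2].strip().strip('"')))
    return keys, values


def check_fix(after_export: str, fix_text: str) -> List[str]:
    """Values the fix should have removed that are still present in an export taken
    after merging and rebooting. An empty list means the fix stuck."""
    tree = parse_reg(after_export)
    keys, values = planned_removals(fix_text)
    leftover: List[str] = []
    for key in keys:                      # [-KEY]: nothing may remain under it
        for path, vals in tree.items():
            if path == key or path.startswith(key + "\\"):
                leftover += [f"{path}\\{n} = {d}" for n, d in vals.items()]
    for key, name in values:              # "name"=-: that one value must be gone
        if name in tree.get(key, {}):
            leftover.append(f"{key}\\{name} = {tree[key][name]}")
    return leftover


if __name__ == "__main__":
    for label, fix in (("remove values", FIX_REMOVE_VALUES), ("delete key", FIX_DELETE_KEY)):
        left = check_fix(AFTER_EXPORT, fix)
        print(f"{label}: {'fix did not take' if left else 'clean'}")
        for entry in left:
            print("   still present:", entry)
```

For a real case, replace AFTER_EXPORT with load_reg_export("look.txt") and paste the fixthis.reg text into fix_text; the values DisableSR and DisableConfig under that key are exactly what disables System Restore and its configuration UI, so an export that keeps listing them after a reboot means the repair is not finished whatever the source turns out to be.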

Hi! Here's the output. I made sure I deleted the previous version of look.txt before running the bat file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers]

"ServerThread"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableConfig"=dword:00000001

"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]


Ok, did you get any errors when it merged?

Please do the following:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:


    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    mv61xx.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Hi! No, I didn't seem to get any errors.

Here's the output from OTL.txt

===============================================

OTL logfile created on: 3/31/2010 4:14:53 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\d111214\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 45.73 Gb Free Space | 61.37% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 200.01 Gb Total Space | 93.08 Gb Free Space | 46.54% Space Free | Partition Type: NTFS

Drive N: | 200.01 Gb Total Space | 93.08 Gb Free Space | 46.54% Space Free | Partition Type: NTFS

Drive P: | 74.52 Gb Total Space | 45.73 Gb Free Space | 61.37% Space Free | Partition Type: *NT5CSC

Computer Name: CNORDAM3000582

Current User Name: D111214

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\d111214\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - c:\Program Files\Merlin\Merlin.exe (Kaiser Permanente)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCgui.exe ()

PRC - C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCservice.exe ()

PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (BigFix Inc.)

PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe (BigFix, Inc.)

PRC - C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)

PRC - C:\WINNT\system32\Prot_srv.exe ()

PRC - C:\WINNT\system32\pstartSr.exe ()

PRC - C:\WINNT\system32\enstart.exe ()

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\snmp.exe (Microsoft Corporation)

PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)

PRC - C:\Program Files\Kaiser\VPN Client\vpngui.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Kaiser\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Merlin\MWIStats.exe (Kaiser Permanente Information Technology)

PRC - C:\WINNT\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe ()

PRC - C:\Program Files\Lotus\Sametime Client\Connect.exe (Lotus Development Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\d111214\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\msvcp71.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\msvcr71.dll (Microsoft Corporation)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Lotus\Sametime Client\autoaway.dll (IBM Rehovot)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (vvdsvc) -- C:\WINNT\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (Merlin) -- c:\Program Files\Merlin\Merlin.exe (Kaiser Permanente)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (Cisco Secure Services Client) -- C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCservice.exe ()

SRV - (BESClient) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (BigFix Inc.)

SRV - (Pointsec) -- C:\WINNT\system32\Prot_srv.exe ()

SRV - (Pointsec_start) -- C:\WINNT\system32\pstartSr.exe ()

SRV - (enstart) -- C:\WINNT\system32\enstart.exe ()

SRV - (SNMP) -- C:\WINNT\system32\snmp.exe (Microsoft Corporation)

SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (CVPND) -- C:\Program Files\Kaiser\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (lcfd) -- C:\winnt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()

SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (Radstgms) -- C:\Program Files\Novadigm\Radstgms.exe (Novadigm)

SRV - (radexecd) -- C:\Program Files\Novadigm\radexecd.exe (Novadigm)

SRV - (radsched) -- C:\Program Files\Novadigm\radsched.exe (Novadigm)

SRV - (OracleOraHome81ClientCache) -- C:\orant\Ora81\bin\ONRSD.EXE ()

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINNT\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (CITMDRV) -- C:\WINNT\system32\drivers\CITMDRV.SYS ()

DRV - (enstart_) -- C:\WINNT\system32\enstart_.sys (Guidance Software Inc.)

DRV - (mfehidk) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINNT\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINNT\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)

DRV - (NETw5x32) Intel® -- C:\WINNT\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (CiscoSSD) -- C:\WINNT\system32\drivers\css_drv.sys (Cisco Systems, Inc.)

DRV - (prot_2k) -- C:\WINNT\system32\drivers\prot_2k.sys ()

DRV - (ADIHdAudAddService) -- C:\WINNT\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (iaStor) -- C:\WINNT\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (SynTP) -- C:\WINNT\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HpqKbFiltr) -- C:\WINNT\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (ialm) -- C:\WINNT\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (NETw4x32) Intel® -- C:\WINNT\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (HSF_DPV) -- C:\WINNT\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINNT\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINNT\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (e1express) Intel® -- C:\WINNT\system32\drivers\e1e5132.sys (Intel Corporation)

DRV - (HECI) Intel® -- C:\WINNT\system32\drivers\HECI.sys (Intel Corporation)

DRV - (IFXTPM) -- C:\WINNT\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (rimmptsk) -- C:\WINNT\system32\drivers\rimmptsk.sys (REDC)

DRV - (rismc32) -- C:\WINNT\system32\drivers\rismc32.sys (RICOH Company, Ltd.)

DRV - (Accelerometer) -- C:\WINNT\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)

DRV - (hpdskflt) -- C:\WINNT\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)

DRV - (HBtnKey) -- C:\WINNT\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (CVPNDRVA) -- C:\WINNT\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (DNE) -- C:\WINNT\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (CVirtA) -- C:\WINNT\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (HDAudBus) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (drvnddm) -- C:\WINNT\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINNT\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINNT\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINNT\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINNT\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINNT\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINNT\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINNT\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINNT\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINNT\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINNT\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (ati2mtaa) -- C:\WINNT\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)

DRV - (sscdbhk5) -- C:\WINNT\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINNT\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (AliIde) -- C:\WINNT\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINNT\system32\drivers\ac97intc.sys (Intel Corporation)

DRV - (EL90XBC) -- C:\WINNT\system32\drivers\el90xbc5.sys (3Com Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kpnet.kp.org

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?P...mp;Ar=ie5update

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/19 00:19:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/05 17:40:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 09:36:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/23 09:36:20 | 000,000,000 | ---D | M]

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Mozilla\Extensions

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\d111214\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Mozilla\Firefox\Profiles\8s2dsjt4.default\extensions

[2010/03/30 17:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/23 09:36:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/01/19 00:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/03/23 09:36:14 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/03/23 09:36:14 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/01/23 02:04:10 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll

[2010/01/23 02:04:12 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll

[2010/01/23 02:04:16 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll

[2010/01/23 02:04:22 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

[2010/01/19 00:19:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/13 17:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/03/23 09:36:16 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/03/05 17:40:49 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/03/05 17:41:00 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/03/05 17:40:46 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/03/15 23:08:48 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/03/15 23:08:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/03/15 23:08:49 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/03/15 23:08:49 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/03/15 23:08:49 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/03/15 23:08:49 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/03/15 23:08:49 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [CiscoCSSCgui] C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCgui.exe ()

O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MWIStats] C:\Program Files\Merlin\MWIStats.exe (Kaiser Permanente Information Technology)

O4 - HKLM..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\d111214\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Important Notice:

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This is a private enterprise computer system limited to business use. Access to and use of this system requires explicit and current authorization. All users expressly consent to monitoring by system personnel to detect improper access or use. If such monitoring reveals possible criminal activity or improper access or use,system personnel may provide evidence of such conduct to law enforcement officials and/or company management.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""1 = appwiz.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""2 = hdwwiz.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""3 = sysdm.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""4 = telephon.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""5 = timedate.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""1 = freecell.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""2 = winmine.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""3 = pinball.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""4 = sol.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: kp.org ([*.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([*.moss] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cnbcapphosting.ca] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cnprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cobcapphosting.co] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([coprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([csbcapphosting.ca] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([csprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([gabcapphosting.ga] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([gaprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([hibcapphosting.hi] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([hiprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([mabcapphosting.md] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([maprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframe] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframeeast] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframewest] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([nwbcapphosting.or] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([nwprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([ohbcapphosting.oh] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([ohprodapphosting.appl] http in Trusted sites)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://cn067apps036:8080/qcbin/capicom.dll (Certificates Class)

O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} http://10.233.49.167/iSite3_3.cab (ISiteNonVisual Control 3.3)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} http://crdc-st01.kp.org/sametime/stmeeting...STJNILoader.cab (JNILoader Control)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.cric7.com/vjocx-en-black.cab (VodClient Control Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)

O16 - DPF: Sametime Meeting Room Client ST25PF1 http://crdc-st01.kp.org/sametime/stmeeting...gRoomClient.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ord.ca.kp.org.

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (fuveroge.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\csscsso: DllName - csscsso.dll - C:\WINNT\System32\csscsso.dll (Cisco Systems Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\KPLogOn: DllName - KPLogOn.dll - C:\WINNT\System32\kplogon.dll (Kaiser Permanente Information Technology)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\d111214\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\d111214\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINNT\System32\TivoliAP.dll (IBM Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/12 11:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4afa3ed3-d471-11de-b892-00215c99a7bf}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINNT\system32\ias [2008/03/12 11:32:33 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | --SD | C] -- \\cnlenwdvc012\Home\My Shapes

[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\cnlenwdvc012\Home\My Videos

[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\cnlenwdvc012\Home\My Music

[2099/01/01 12:00:00 | 000,000,000 | -HSD | C] -- \\cnlenwdvc012\Home\RECYCLER

[2099/01/01 12:00:00 | 000,000,000 | -HSD | C] -- \\cnlenwdvc012\Home\NotesIniSync

[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\cnlenwdvc012\Home\Downloads

[2010/03/31 16:12:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d111214\Desktop\OTL.exe

[2010/03/29 15:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\Sonic

[2010/03/29 15:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\Leadertech

[2010/03/13 05:54:18 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache

[2010/03/13 05:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft

[2010/03/12 09:03:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\nagasoft

[2010/03/12 08:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/03/05 17:40:49 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\rmoc3260.dll

[2010/03/05 17:40:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5016.dll

[2010/03/05 17:40:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5032.dll

[2010/03/05 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2010/03/05 17:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/03/05 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\DivX

[2010/03/05 17:29:04 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINNT\System32\pxafs.dll

[2010/03/05 17:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2010/03/05 17:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/03/02 13:05:27 | 000,000,000 | ---D | C] -- C:\WINNT\System32\appmgmt

[2010/01/08 12:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2009/12/24 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2009/11/23 13:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Peregrine

[2009/11/13 10:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel

[2009/11/13 10:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

[2009/11/13 09:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WinBatch

[2008/03/12 11:38:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/03/12 11:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/03/12 11:38:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2008/03/12 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/31 16:12:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d111214\Desktop\OTL.exe

[2010/03/31 16:12:00 | 000,000,986 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-706699826-839522115-644577UA.job

[2010/03/31 15:00:01 | 000,000,288 | ---- | M] () -- C:\WINNT\tasks\bvrsfbjr.job

[2010/03/31 14:40:25 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\SameTime Connect.lnk

[2010/03/31 14:39:43 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\VPN Client.lnk

[2010/03/31 14:31:00 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2010/03/31 14:30:26 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2010/03/31 14:29:08 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\d111214\ntuser.dat

[2010/03/31 14:29:08 | 000,000,448 | -HS- | M] () -- C:\Documents and Settings\d111214\ntuser.ini

[2010/03/31 14:27:54 | 004,841,784 | -H-- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\IconCache.db

[2010/03/31 14:27:06 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\fixthis.reg

[2010/03/31 13:32:51 | 000,000,482 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010/03/31 12:12:31 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\Google Chrome.lnk

[2010/03/31 10:26:26 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\fixthis.bat

[2010/03/31 10:20:47 | 000,034,088 | ---- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/03/31 10:18:20 | 000,167,504 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010/03/30 21:12:00 | 000,000,934 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-706699826-839522115-644577Core.job

[2010/03/30 20:36:21 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2010/03/26 23:18:03 | 000,010,730 | -HS- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\FWQQE

[2010/03/26 23:18:03 | 000,010,730 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\FWQQE

[2010/03/26 23:17:46 | 000,202,752 | -HS- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\3294913573.dll

[2010/03/26 22:34:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\d111214\defogger_reenable

[2010/03/26 22:31:49 | 042,281,152 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\dfadsfkjnav.exe

[2010/03/26 09:58:50 | 000,000,040 | ---- | M] () -- C:\WINNT\wwwbatch.ini

[2010/03/25 17:21:01 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job

[2010/03/24 10:04:02 | 000,007,138 | RHS- | M] () -- C:\Documents and Settings\d111214\ntuser.pol

[2010/03/19 22:15:35 | 000,477,670 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI

[2010/03/19 22:15:35 | 000,406,896 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2010/03/19 22:15:35 | 000,063,930 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2010/03/11 12:55:30 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/05 17:40:49 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\rmoc3260.dll

[2010/03/05 17:40:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5016.dll

[2010/03/05 17:40:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5032.dll

[2010/03/05 17:29:08 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk

[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINNT\System32\puyuyabu

[2010/03/31 14:26:57 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\fixthis.reg

[2010/03/31 10:26:26 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\fixthis.bat

[2010/03/26 22:34:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\defogger_reenable

[2010/03/26 22:30:14 | 042,281,152 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\dfadsfkjnav.exe

[2010/03/26 22:08:23 | 000,202,752 | -HS- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\3294913573.dll

[2010/03/26 21:56:26 | 000,010,730 | -HS- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\FWQQE

[2010/03/26 21:56:26 | 000,010,730 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\FWQQE

[2010/03/05 17:29:08 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk

[2010/01/23 23:08:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\FnF4.txt

[2010/01/08 00:36:15 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/18 17:48:17 | 000,000,044 | ---- | C] () -- C:\WINNT\SMWizard.INI

[2009/11/23 12:04:54 | 000,010,752 | ---- | C] () -- C:\WINNT\System32\drivers\CITMDRV.SYS

[2009/11/16 15:21:33 | 000,001,345 | ---- | C] () -- C:\WINNT\LMAAT2DD.ini

[2009/11/16 12:48:26 | 000,000,091 | ---- | C] () -- C:\WINNT\mercury.ini

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\QSwitch.txt

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DSwitch.txt

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\AtStart.txt

[2009/11/13 12:58:39 | 000,000,040 | ---- | C] () -- C:\WINNT\wwwbatch.ini

[2009/11/13 12:19:06 | 000,151,552 | ---- | C] () -- C:\Program Files\UNWISE.EXE

[2009/11/13 12:19:06 | 000,000,796 | ---- | C] () -- C:\Program Files\INSTALL.LOG

[2009/11/13 12:14:20 | 000,000,218 | ---- | C] () -- C:\WINNT\oraodbc.ini

[2009/11/13 11:59:42 | 000,000,076 | ---- | C] () -- C:\WINNT\webica.ini

[2009/11/13 11:55:07 | 000,000,509 | ---- | C] () -- C:\WINNT\ODBC.INI

[2009/11/13 10:29:56 | 000,000,138 | ---- | C] () -- C:\WINNT\wininit.ini

[2009/11/13 10:28:39 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\IVIresizeW7.dll

[2009/11/13 10:28:39 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeP6.dll

[2009/11/13 10:28:39 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\IVIresizePX.dll

[2009/11/13 10:28:37 | 000,200,704 | ---- | C] () -- C:\WINNT\System32\IVIresizeA6.dll

[2009/11/13 10:28:37 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeM6.dll

[2009/11/13 10:28:37 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\IVIresize.dll

[2008/04/10 13:49:28 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini

[2008/03/12 12:33:55 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig

[2008/03/12 12:24:33 | 000,000,231 | ---- | C] () -- C:\WINNT\multi.ini

[2008/03/12 10:09:30 | 000,004,096 | ---- | C] () -- C:\WINNT\cchmvmsg.dll

[2008/03/12 10:06:08 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4831.dll

[2008/03/12 10:06:07 | 000,910,304 | ---- | C] () -- C:\WINNT\System32\igmedkrn.dll

[2008/02/12 13:01:44 | 000,141,888 | ---- | C] () -- C:\WINNT\System32\NovPwd32.dll

[2008/02/12 13:00:38 | 000,220,096 | ---- | C] () -- C:\WINNT\System32\drivers\prot_2k.sys

[2005/11/04 11:21:48 | 000,197,672 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll

[2005/11/04 11:21:24 | 000,189,480 | ---- | C] () -- C:\WINNT\System32\CSGina.dll

[2004/09/22 12:17:35 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini

[2004/06/22 15:38:18 | 000,335,872 | ---- | C] () -- C:\WINNT\btnotes.dll

[2004/06/19 12:52:14 | 000,221,184 | ---- | C] () -- C:\WINNT\exDirectory.dll

[2004/06/19 12:49:08 | 000,073,728 | ---- | C] () -- C:\WINNT\BTAdmin.dll

[2004/06/19 12:49:06 | 000,102,400 | ---- | C] () -- C:\WINNT\BTProgressDialog.DLL

[2004/04/20 13:03:20 | 000,053,248 | ---- | C] () -- C:\WINNT\BTCMTHook.dll

[2003/06/02 21:47:48 | 000,020,480 | ---- | C] () -- C:\WINNT\BTisoTranslate.dll

[2003/06/02 17:45:34 | 000,045,056 | ---- | C] () -- C:\WINNT\btcheck.dll

[2003/06/02 17:45:32 | 000,040,960 | ---- | C] () -- C:\WINNT\btbreak.dll

[2001/05/31 12:18:28 | 000,262,202 | ---- | C] () -- C:\WINNT\btprog.dll

[2000/06/05 16:41:22 | 000,028,672 | ---- | C] () -- C:\WINNT\BTwwait.dll

[1998/12/30 12:15:56 | 000,009,216 | ---- | C] () -- C:\WINNT\libcomm.dll

========== LOP Check ==========

[2009/11/13 12:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFix

[2010/01/18 12:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco

[2010/02/11 15:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS

[2009/11/13 12:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus

[2009/12/14 10:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Peregrine

[2009/11/17 02:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pointsec

[2009/12/03 13:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2009/12/04 10:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/02/11 15:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\IBMERS

[2009/11/13 12:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\ICAClient

[2010/03/29 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Leadertech

[2009/11/19 12:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Research In Motion

[2010/03/12 12:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\webex

[2010/03/31 15:00:01 | 000,000,288 | ---- | M] () -- C:\WINNT\Tasks\bvrsfbjr.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys

[2004/08/03 16:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\dllcache\eventlog.dll

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINNT\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\dllcache\netlogon.dll

[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\dllcache\scecli.dll

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[3 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2008/02/12 13:00:38 | 000,220,096 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\prot_2k.sys

< %systemroot%\System32\config\*.sav >

[2008/03/12 03:22:51 | 000,094,208 | ---- | M] () -- C:\WINNT\system32\config\default.sav

[2008/03/12 03:22:51 | 000,659,456 | ---- | M] () -- C:\WINNT\system32\config\software.sav

[2008/03/12 03:22:51 | 000,872,448 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< End of report >

===============================================

Here's the output from Extras.txt

===============================================

OTL Extras logfile created on: 3/31/2010 4:14:54 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\d111214\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 45.73 Gb Free Space | 61.37% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 200.01 Gb Total Space | 93.08 Gb Free Space | 46.54% Space Free | Partition Type: NTFS

Drive N: | 200.01 Gb Total Space | 93.08 Gb Free Space | 46.54% Space Free | Partition Type: NTFS

Drive P: | 74.52 Gb Total Space | 45.73 Gb Free Space | 61.37% Space Free | Partition Type: *NT5CSC

Computer Name: CNORDAM3000582

Current User Name: D111214

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01C33895-5229-497E-8568-46DED43D2D52}" = TechSmithScreenCaptureCodec 2.06

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0AF4C301-9A12-4452-BC65-8731488C711E}" = QuickTime 6.5.2

"{0D167CC5-D945-4993-A7B4-D2C2E480B07E}" = KPHCDowntime 3.0

"{0D2CD8E6-EEEE-45F0-B408-5A13463DC45A}" = FlashPlayer 9.0

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1887F5EF-077F-4A15-BCD4-DEBC060CF729}" = RealPlayer 10

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{240DE964-ADF8-42C8-B184-4982D6811732}" = Office 2003SP1

"{24C67B54-0718-445E-B663-3138D9246BD1}" = Cisco Systems VPN Client 4.8.00.0440

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{31B33270-24D7-4307-84F2-A3288636B83A}" = Pointsec PC

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3EB7DC55-2460-43ED-9CB8-E958FC01375D}" = JavaRuntimeEnvironment 1.5.0.02

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{408CCB7B-D842-4A33-B1D1-FE635131A251}" = Oracle 8.1.7r1

"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard

"{43A2D442-1724-460C-9F1D-BD031D322AE5}" = NotesCMTDlls 1.66

"{4490609F-D56B-43D3-8A34-A6D9B0E901CF}" = RAP 2.0

"{51404B39-CDA3-43F8-ABB5-93B117013C34}" = MANUAL-BlackberryDesktopManager 4.7.0.32

"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software

"{55884ffc-aba3-45fc-88df-a04926b57457}" = iSiteEnterprise 3.6.70.0

"{57D602B4-0DCC-4FE0-8998-4E40A5E1625C}" = QualityCenter 10.4

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Driver WXP Ver.1.01.05

"{60242F85-4389-420A-B4BE-9E46E4C060EE}" = Extra 7.11

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F1D1F78-931A-464D-805F-CFD52C5B6903}" = SameTime 3.1

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8509076C-B975-46EC-A3F3-7FE4DFBA4BD4}" = WIRE-NotebookWorkstation 1.0

"{87DCCD84-2007-4177-A790-44B395ED07DD}" = JavaRuntimeEnvironment 1.5.0.09

"{897B0191-F68F-49E6-A183-5178D538E020}" = iSiteExtOCX 3.3.1.7

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003

"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003

"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)

"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus

"{98FFBF1A-BD35-48D2-AFDA-23AAACB13E83}" = NAP 1.0

"{A036C558-67F0-402F-9B9F-86886082558E}" = RemedyWorkbench 5.0.1.027

"{A3DD4B4B-6696-44A8-84C4-BAC339EE7E5B}" = Cisco Secure Services Client

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{A9C3C3B8-5EB4-4655-9F12-06D807DBFBA4}" = 816093

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B922E7CA-A873-4F92-85AA-042CB763F7AB}" = KPHCDowntime 1.0

"{BE452791-3EEC-4E27-B468-7001F0A92E68}" = TNSNAMES.ORA 14-Feb-2008

"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = BigFix Enterprise Client

"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service

"{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}" = IE5 Registration

"{C374B00E-07C9-474F-8BD4-EB6066DF9F99}" = ICAClient 8.0r1

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}" = Network Recording Player

"{D5378D6A-BC17-4178-B748-3FA98FB3BEB4}" = iSiteOCX 3.3.1.7r1

"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 9 Series

"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent

"{EE77D7A0-5F5E-458C-B632-3CF79DD02073}" = PasswordExpressNotesLaptops 1.3

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F2345F6A-25F8-46DB-AA4D-4937547970CB}" = Radia Client

"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes

"{F64A026A-0CF2-4C17-B3A1-652E58FC3FCD}" = EncaseServlet 5.05G

"{FA00A998-F2EF-4030-9CDA-773FAEED2870}" = Lotus Notes 6.5.5

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1

"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795" = Soft Data Fax Modem with SmartCP

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"HDMI" = Intel® Graphics Media Accelerator Driver

"HECI" = Intel® Management Engine Interface

"IE 6.01" = IE 6.01

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)

"Picasa 3" = Picasa 3

"ProInst" = Intel PROSet Wireless

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 12.0" = RealPlayer

"RealPlayer10 Delete .LNK files" = RealPlayer10 Delete .LNK files

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/15/2010 10:46:25 PM | Computer Name = CNORDAM3000582 | Source = Userenv | ID = 1096

Description = Windows cannot access the registry policy file, \\cs.msds.kp.org\sysvol\cs.msds.kp.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.

(Access is denied. ).

Error - 3/15/2010 10:46:25 PM | Computer Name = CNORDAM3000582 | Source = Userenv | ID = 1085

Description = The Group Policy client-side extension Scripts failed to execute.

Please look for any errors reported earlier by that extension.

Error - 3/16/2010 2:48:01 AM | Computer Name = CNORDAM3000582 | Source = UserInit | ID = 1000

Description = Could not execute the following script \\CNPTCCSDC004\netlogon\logoff\xdlogoff.vbs.

The network path was not found. .

Error - 3/16/2010 12:44:19 PM | Computer Name = CNORDAM3000582 | Source = Userenv | ID = 1020

Description = Windows cannot create registry key Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates.

(Access is denied. ).

Error - 3/16/2010 12:44:19 PM | Computer Name = CNORDAM3000582 | Source = Userenv | ID = 1096

Description = Windows cannot access the registry policy file, \\cs.msds.kp.org\sysvol\cs.msds.kp.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol.

(Access is denied. ).

Error - 3/16/2010 12:44:19 PM | Computer Name = CNORDAM3000582 | Source = Userenv | ID = 1085

Description = The Group Policy client-side extension Scripts failed to execute.

Please look for any errors reported earlier by that extension.

Error - 3/16/2010 12:44:28 PM | Computer Name = CNORDAM3000582 | Source = Merlin - XML Machine Update | ID = 0

Description = Trapped Error: The underlying connection was closed: Unable to connect

to the remote server.

Error - 3/16/2010 12:45:53 PM | Computer Name = CNORDAM3000582 | Source = MWI MSI Wrapper | ID = 0

Description = Install Failed - Error =

Exit Code = 1601 : T

Error - 3/16/2010 12:45:53 PM | Computer Name = CNORDAM3000582 | Source = Merlin - SWDIST | ID = 0

Description = Error Installing pcAnywhereHost 12.5 Release 100000, Error Number

From MSI Wrapper = 1601

Error - 3/16/2010 1:46:26 PM | Computer Name = CNORDAM3000582 | Source = MWI MSI Wrapper | ID = 0

Description = Install Failed - Error =

Exit Code = 1601 : T

[ System Events ]

Error - 3/31/2010 1:18:45 PM | Computer Name = CNORDAM3000582 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain CS due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.

Error - 3/31/2010 1:19:32 PM | Computer Name = CNORDAM3000582 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 3/31/2010 1:19:34 PM | Computer Name = CNORDAM3000582 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 3/31/2010 2:20:53 PM | Computer Name = CNORDAM3000582 | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 3/31/2010 2:49:47 PM | Computer Name = CNORDAM3000582 | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 3/31/2010 3:21:30 PM | Computer Name = CNORDAM3000582 | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 3/31/2010 4:22:13 PM | Computer Name = CNORDAM3000582 | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 3/31/2010 5:22:52 PM | Computer Name = CNORDAM3000582 | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 3/31/2010 5:31:01 PM | Computer Name = CNORDAM3000582 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain CS due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.

Error - 3/31/2010 5:38:08 PM | Computer Name = CNORDAM3000582 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

< End of report >

===============================================


First, we need to backup your registry:

Please go to Start > Run

Paste in the following line: regedit /e c:\registrybackup.reg

Click OK.

It won't appear to be doing anything, that's normal.

Your mouse pointer may turn to an hour glass for a minute.

Please continue when it no longer has the hour glass.

===================================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""4
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""5
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""4
    O33 - MountPoints2\{4afa3ed3-d471-11de-b892-00215c99a7bf}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
    [2010/03/31 15:00:01 | 000,000,288 | ---- | M] () -- C:\WINNT\tasks\bvrsfbjr.job
    [2010/03/26 23:18:03 | 000,010,730 | -HS- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\FWQQE
    [2010/03/26 23:18:03 | 000,010,730 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\FWQQE
    [2010/03/26 23:17:46 | 000,202,752 | -HS- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\3294913573.dll
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINNT\System32\puyuyabu

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableConfig"=-
    "DisableSR"=-

    :commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================

Once that is done, run the bat file again and post the output of it again, and do the following as well.

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


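The OTL fix above removes Explorer policy values (NoWindowsUpdate, DisallowCpl, DisallowRun) that the rogue set to lock the user out of remediation, and the DDS output earlier in the thread shows the Windows Firewall profiles disabled with notifications suppressed. As an added example (mine, not the forum's or OTL's code), here is a small Python scanner that reads those O6/O7 policy lines and firewall profile values from an OTL-style log and flags the lockout settings; the log excerpt is constructed from the lines in this thread, and the NoDriveTypeAutoRun line is a constructed benign entry to show what is not flagged.

```python
import re
from collections import Counter

# Explorer policy values that lock the user out of remediation; the names are
# the ones in the OTL log above, the descriptions are mine.
LOCKOUT_POLICIES = {
    "NoWindowsUpdate": "blocks Windows Update",
    "NoDevMgrUpdate": "blocks driver updates from Device Manager",
    "DisallowCpl": "hides the listed Control Panel applets",
    "DisallowRun": "prevents the listed programs from starting",
}

# OTL reports Explorer policies as O6 (HKLM) / O7 (HKCU) lines, e.g.
#   O7 - HKCU\SOFTWARE\...\policies\Explorer: DisallowRun = 1
POLICY_RE = re.compile(
    r"^O[67] - (?P<key>HK\w+\\[^:]+?\\Explorer): (?P<name>\w+) = (?P<value>\S+)$"
)
# Entries of the DisallowRun / DisallowCpl lists sit one subkey deeper:
#   O7 - HKCU\SOFTWARE\...\policies\Explorer\DisallowRun: ""1
LIST_RE = re.compile(
    r"^O7 - HK\w+\\[^:]+\\(?P<list>DisallowRun|DisallowCpl): (?P<entry>.+)$"
)
# Firewall profiles appear as a bracketed key followed by "name" = value lines.
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>\S+)$')


def scan_otl(text):
    """Return (severity, description) findings for the given OTL log text."""
    findings = []
    list_entries = Counter()
    firewall = {}          # profile name -> {value name: value}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and section and "\\FirewallPolicy\\" in section:
            profile = section.rsplit("\\", 1)[1]
            firewall.setdefault(profile, {})[m.group("name")] = m.group("value")
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            if name in LOCKOUT_POLICIES and value != "0":
                scope = "all users" if m.group("key").startswith("HKLM") else "current user"
                findings.append(
                    ("high", f"{name} = {value} ({scope}): {LOCKOUT_POLICIES[name]}")
                )
            continue
        m = LIST_RE.match(line)
        if m:
            list_entries[m.group("list")] += 1
    for name, count in sorted(list_entries.items()):
        findings.append(("high", f"{name} list has {count} entries; review each before removing"))
    for profile, values in sorted(firewall.items()):
        if values.get("EnableFirewall") == "0":
            note = ""
            if values.get("DisableNotifications") == "1":
                note = " and notifications are suppressed"
            # A disabled Windows Firewall can be legitimate on a domain-joined
            # host running a third-party firewall, so rate it for review only.
            findings.append(("review", f"Windows Firewall disabled in {profile}{note}"))
    return findings


# Constructed excerpt modelled on the log in this thread; the NoDriveTypeAutoRun
# line is a constructed benign policy that should not be flagged.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
'''

if __name__ == "__main__":
    for severity, description in scan_otl(SAMPLE_LOG):
        print(f"[{severity}] {description}")
```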
Hello,

Here's the log file after the reboot following OTL run. I will now execute the next steps in your instructions and post those as well.

===========================================

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4afa3ed3-d471-11de-b892-00215c99a7bf}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4afa3ed3-d471-11de-b892-00215c99a7bf}\ not found.

File G:\EXPLORER.EXE not found.

C:\WINNT\tasks\bvrsfbjr.job moved successfully.

C:\Documents and Settings\d111214\Local Settings\Application Data\FWQQE moved successfully.

C:\Documents and Settings\All Users\Application Data\FWQQE moved successfully.

C:\Documents and Settings\d111214\Local Settings\Application Data\3294913573.dll moved successfully.

C:\WINNT\system32\puyuyabu moved successfully.

========== REGISTRY ==========

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\DisableConfig scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\DisableSR scheduled to be deleted on reboot.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: B451810a

->Temp folder emptied: 231194 bytes

->Temporary Internet Files folder emptied: 1744182 bytes

->Flash cache emptied: 541 bytes

User: d111214

->Temp folder emptied: 122471400 bytes

->Temporary Internet Files folder emptied: 18107331 bytes

->Java cache emptied: 29830040 bytes

->FireFox cache emptied: 34296458 bytes

->Google Chrome cache emptied: 18679562 bytes

->Flash cache emptied: 1995919 bytes

User: Default User

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 735314 bytes

User: mwisvc-pointsec

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 695566 bytes

User: tempadmin

->Temp folder emptied: 17612 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 372 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 65709558 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9449584 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35123 bytes

RecycleBin emptied: 814115931 bytes

Total Files Cleaned = 1,066.00 mb

OTL by OldTimer - Version 3.1.37.3 log created on 04022010_104423

Files\Folders moved on Reboot...

File\Folder C:\WINNT\temp\WFV43.tmp not found!

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\DisableConfig scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\DisableSR scheduled to be deleted on reboot.


OK, don't run the bat file or OTL for now; let's do something else.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi!

Here's the output file after the second OTL run.

OTL logfile created on: 4/2/2010 11:15:44 AM - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\d111214\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 46.68 Gb Free Space | 62.64% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 200.01 Gb Total Space | 92.81 Gb Free Space | 46.41% Space Free | Partition Type: NTFS

Drive I: | 200.01 Gb Total Space | 92.81 Gb Free Space | 46.41% Space Free | Partition Type: NTFS

Drive N: | 200.01 Gb Total Space | 92.81 Gb Free Space | 46.41% Space Free | Partition Type: NTFS

Drive P: | 1427.87 Gb Total Space | 7.22 Gb Free Space | 0.51% Space Free | Partition Type: NTFS

Computer Name: CNORDAM3000582

Current User Name: D111214

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\d111214\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - c:\Program Files\Merlin\Merlin.exe (Kaiser Permanente)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCgui.exe ()

PRC - C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCservice.exe ()

PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (BigFix Inc.)

PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe (BigFix, Inc.)

PRC - C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)

PRC - C:\WINNT\system32\Prot_srv.exe ()

PRC - C:\WINNT\system32\pstartSr.exe ()

PRC - C:\WINNT\system32\enstart.exe ()

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINNT\system32\snmp.exe (Microsoft Corporation)

PRC - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)

PRC - C:\Program Files\Kaiser\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Merlin\MWIStats.exe (Kaiser Permanente Information Technology)

PRC - C:\WINNT\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe ()

PRC - C:\Program Files\Lotus\Sametime Client\Connect.exe (Lotus Development Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\d111214\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\msvcp71.dll (Microsoft Corporation)

MOD - C:\WINNT\system32\msvcr71.dll (Microsoft Corporation)

MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Lotus\Sametime Client\autoaway.dll (IBM Rehovot)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (vvdsvc) -- C:\WINNT\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (Merlin) -- c:\Program Files\Merlin\Merlin.exe (Kaiser Permanente)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (Cisco Secure Services Client) -- C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCservice.exe ()

SRV - (BESClient) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (BigFix Inc.)

SRV - (Pointsec) -- C:\WINNT\system32\Prot_srv.exe ()

SRV - (Pointsec_start) -- C:\WINNT\system32\pstartSr.exe ()

SRV - (enstart) -- C:\WINNT\system32\enstart.exe ()

SRV - (SNMP) -- C:\WINNT\system32\snmp.exe (Microsoft Corporation)

SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (CVPND) -- C:\Program Files\Kaiser\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (lcfd) -- C:\winnt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()

SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (Radstgms) -- C:\Program Files\Novadigm\Radstgms.exe (Novadigm)

SRV - (radexecd) -- C:\Program Files\Novadigm\radexecd.exe (Novadigm)

SRV - (radsched) -- C:\Program Files\Novadigm\radsched.exe (Novadigm)

SRV - (OracleOraHome81ClientCache) -- C:\orant\Ora81\bin\ONRSD.EXE ()

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINNT\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (CITMDRV) -- C:\WINNT\system32\drivers\CITMDRV.SYS ()

DRV - (enstart_) -- C:\WINNT\system32\enstart_.sys (Guidance Software Inc.)

DRV - (mfehidk) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINNT\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINNT\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)

DRV - (NETw5x32) Intel® -- C:\WINNT\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (CiscoSSD) -- C:\WINNT\system32\drivers\css_drv.sys (Cisco Systems, Inc.)

DRV - (prot_2k) -- C:\WINNT\system32\drivers\prot_2k.sys ()

DRV - (ADIHdAudAddService) -- C:\WINNT\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (iaStor) -- C:\WINNT\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (SynTP) -- C:\WINNT\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HpqKbFiltr) -- C:\WINNT\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (ialm) -- C:\WINNT\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (NETw4x32) Intel® -- C:\WINNT\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (HSF_DPV) -- C:\WINNT\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINNT\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINNT\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (e1express) Intel® -- C:\WINNT\system32\drivers\e1e5132.sys (Intel Corporation)

DRV - (HECI) Intel® -- C:\WINNT\system32\drivers\HECI.sys (Intel Corporation)

DRV - (IFXTPM) -- C:\WINNT\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (rimmptsk) -- C:\WINNT\system32\drivers\rimmptsk.sys (REDC)

DRV - (rismc32) -- C:\WINNT\system32\drivers\rismc32.sys (RICOH Company, Ltd.)

DRV - (Accelerometer) -- C:\WINNT\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)

DRV - (hpdskflt) -- C:\WINNT\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)

DRV - (HBtnKey) -- C:\WINNT\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (CVPNDRVA) -- C:\WINNT\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (DNE) -- C:\WINNT\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (CVirtA) -- C:\WINNT\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (HDAudBus) -- C:\WINNT\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (drvnddm) -- C:\WINNT\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINNT\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINNT\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINNT\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINNT\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINNT\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINNT\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINNT\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINNT\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINNT\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINNT\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (ati2mtaa) -- C:\WINNT\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)

DRV - (sscdbhk5) -- C:\WINNT\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINNT\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (AliIde) -- C:\WINNT\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINNT\system32\drivers\ac97intc.sys (Intel Corporation)

DRV - (EL90XBC) -- C:\WINNT\system32\drivers\el90xbc5.sys (3Com Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kpnet.kp.org

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?P...mp;Ar=ie5update

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/19 00:19:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/05 17:40:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 10:17:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 10:17:19 | 000,000,000 | ---D | M]

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Mozilla\Extensions

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\d111214\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/11/26 11:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d111214\Application Data\Mozilla\Firefox\Profiles\8s2dsjt4.default\extensions

[2010/04/02 10:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/02 10:17:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/01/19 00:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/04/02 10:17:12 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/04/02 10:17:12 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/01/23 02:04:10 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll

[2010/01/23 02:04:12 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll

[2010/01/23 02:04:16 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll

[2010/01/23 02:04:22 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

[2010/01/19 00:19:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/13 17:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2010/04/02 10:17:14 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/03/05 17:40:49 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/12/04 10:14:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/12/04 10:14:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/03/05 17:41:00 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/03/05 17:40:46 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/03/15 23:08:48 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/03/15 23:08:48 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/03/15 23:08:49 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/03/15 23:08:49 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/03/15 23:08:49 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/03/15 23:08:49 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/03/15 23:08:49 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [CiscoCSSCgui] C:\Program Files\Cisco\Cisco Secure Services Client\Cisco_SSCgui.exe ()

O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MWIStats] C:\Program Files\Merlin\MWIStats.exe (Kaiser Permanente Information Technology)

O4 - HKLM..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Check Point Software Tech Ltd)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\d111214\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\d111214\Desktop\OTL.exe (OldTimer Tools)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Important Notice:

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This is a private enterprise computer system limited to business use. Access to and use of this system requires explicit and current authorization. All users expressly consent to monitoring by system personnel to detect improper access or use. If such monitoring reveals possible criminal activity or improper access or use,system personnel may provide evidence of such conduct to law enforcement officials and/or company management.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""1 = appwiz.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""2 = hdwwiz.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""3 = sysdm.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""4 = telephon.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: ""5 = timedate.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""1 = freecell.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""2 = winmine.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""3 = pinball.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: ""4 = sol.exe

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: kp.org ([*.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([*.moss] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cnbcapphosting.ca] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cnprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([cobcapphosting.co] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([coprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([csbcapphosting.ca] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([csprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([gabcapphosting.ga] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([gaprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([hibcapphosting.hi] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([hiprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([mabcapphosting.md] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([maprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframe] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframeeast] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([metaframewest] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([nwbcapphosting.or] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([nwprodapphosting.appl] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([ohbcapphosting.oh] http in Trusted sites)

O15 - HKLM\..Trusted Domains: kp.org ([ohprodapphosting.appl] http in Trusted sites)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://cn067apps036:8080/qcbin/capicom.dll (Certificates Class)

O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} http://10.233.49.167/iSite3_3.cab (ISiteNonVisual Control 3.3)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} http://crdc-st01.kp.org/sametime/stmeeting...STJNILoader.cab (JNILoader Control)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.cric7.com/vjocx-en-black.cab (VodClient Control Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)

O16 - DPF: Sametime Meeting Room Client ST25PF1 http://crdc-st01.kp.org/sametime/stmeeting...gRoomClient.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.233.15.221 10.246.66.252

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ord.ca.kp.org.

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (fuveroge.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\csscsso: DllName - csscsso.dll - C:\WINNT\System32\csscsso.dll (Cisco Systems Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\KPLogOn: DllName - KPLogOn.dll - C:\WINNT\System32\kplogon.dll (Kaiser Permanente Information Technology)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\d111214\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\d111214\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINNT\System32\TivoliAP.dll (IBM Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/12 11:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 10:44:23 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/03/31 16:12:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d111214\Desktop\OTL.exe

[2010/03/29 15:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\Sonic

[2010/03/29 15:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\Leadertech

[2010/03/22 08:04:30 | 000,000,000 | -HSD | C] -- \\cnlenwdvc012\Home\NotesIniSync

[2010/03/13 05:54:18 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache

[2010/03/13 05:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft

[2010/03/12 09:03:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\nagasoft

[2010/03/12 08:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/03/05 17:40:49 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\rmoc3260.dll

[2010/03/05 17:40:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5016.dll

[2010/03/05 17:40:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5032.dll

[2010/03/05 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2010/03/05 17:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/03/05 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d111214\Application Data\DivX

[2010/03/05 17:29:04 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINNT\System32\pxafs.dll

[2010/03/05 17:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2010/03/05 17:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/01/08 12:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2009/12/24 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2009/11/23 13:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Peregrine

[2009/11/13 10:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel

[2009/11/13 10:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

[2009/11/13 09:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WinBatch

[2008/03/12 11:38:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/03/12 11:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/03/12 11:38:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2008/03/12 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/02 11:12:00 | 000,000,986 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-706699826-839522115-644577UA.job

[2010/04/02 10:51:38 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

[2010/04/02 10:51:38 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\SameTime Connect.lnk

[2010/04/02 10:51:35 | 000,034,088 | ---- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/02 10:51:33 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2010/04/02 10:50:47 | 000,000,040 | ---- | M] () -- C:\WINNT\wwwbatch.ini

[2010/04/02 10:50:10 | 000,000,482 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010/04/02 10:49:15 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2010/04/02 10:48:43 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2010/04/02 10:48:38 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2010/04/02 10:48:29 | 000,167,504 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010/04/02 10:47:16 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\d111214\ntuser.dat

[2010/04/02 10:47:16 | 000,000,448 | -HS- | M] () -- C:\Documents and Settings\d111214\ntuser.ini

[2010/04/02 10:43:31 | 088,512,896 | ---- | M] () -- C:\registrybackup.reg

[2010/04/01 21:12:00 | 000,000,934 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-706699826-839522115-644577Core.job

[2010/04/01 17:21:00 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job

[2010/04/01 14:29:01 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\Business Tasks to be added to Program Plan.xls

[2010/04/01 08:57:39 | 004,843,174 | -H-- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\IconCache.db

[2010/03/31 16:12:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d111214\Desktop\OTL.exe

[2010/03/31 14:39:43 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\VPN Client.lnk

[2010/03/31 14:27:06 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\fixthis.reg

[2010/03/31 12:12:31 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\Google Chrome.lnk

[2010/03/31 10:26:26 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\fixthis.bat

[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2010/03/26 22:34:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\d111214\defogger_reenable

[2010/03/26 22:31:49 | 042,281,152 | ---- | M] () -- C:\Documents and Settings\d111214\Desktop\dfadsfkjnav.exe

[2010/03/24 10:04:02 | 000,007,138 | RHS- | M] () -- C:\Documents and Settings\d111214\ntuser.pol

[2010/03/19 22:15:35 | 000,477,670 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI

[2010/03/19 22:15:35 | 000,406,896 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2010/03/19 22:15:35 | 000,063,930 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2010/03/11 12:55:30 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/05 17:40:49 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\rmoc3260.dll

[2010/03/05 17:40:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5016.dll

[2010/03/05 17:40:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINNT\System32\pndx5032.dll

[2010/03/05 17:29:08 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk

========== Files Created - No Company Name ==========

[2010/04/02 10:43:06 | 088,512,896 | ---- | C] () -- C:\registrybackup.reg

[2010/03/31 22:11:13 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\Business Tasks to be added to Program Plan.xls

[2010/03/31 14:26:57 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\fixthis.reg

[2010/03/31 10:26:26 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\fixthis.bat

[2010/03/26 22:34:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\defogger_reenable

[2010/03/26 22:30:14 | 042,281,152 | ---- | C] () -- C:\Documents and Settings\d111214\Desktop\dfadsfkjnav.exe

[2010/03/05 17:29:08 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk

[2010/01/23 23:08:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\FnF4.txt

[2010/01/08 00:36:15 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/18 17:48:17 | 000,000,044 | ---- | C] () -- C:\WINNT\SMWizard.INI

[2009/11/23 12:04:54 | 000,010,752 | ---- | C] () -- C:\WINNT\System32\drivers\CITMDRV.SYS

[2009/11/16 15:21:33 | 000,001,345 | ---- | C] () -- C:\WINNT\LMAAT2DD.ini

[2009/11/16 12:48:26 | 000,000,091 | ---- | C] () -- C:\WINNT\mercury.ini

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\QSwitch.txt

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\DSwitch.txt

[2009/11/13 12:59:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d111214\Local Settings\Application Data\AtStart.txt

[2009/11/13 12:58:39 | 000,000,040 | ---- | C] () -- C:\WINNT\wwwbatch.ini

[2009/11/13 12:19:06 | 000,151,552 | ---- | C] () -- C:\Program Files\UNWISE.EXE

[2009/11/13 12:19:06 | 000,000,796 | ---- | C] () -- C:\Program Files\INSTALL.LOG

[2009/11/13 12:14:20 | 000,000,218 | ---- | C] () -- C:\WINNT\oraodbc.ini

[2009/11/13 11:59:42 | 000,000,076 | ---- | C] () -- C:\WINNT\webica.ini

[2009/11/13 11:55:07 | 000,000,509 | ---- | C] () -- C:\WINNT\ODBC.INI

[2009/11/13 10:29:56 | 000,000,138 | ---- | C] () -- C:\WINNT\wininit.ini

[2009/11/13 10:28:39 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\IVIresizeW7.dll

[2009/11/13 10:28:39 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeP6.dll

[2009/11/13 10:28:39 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\IVIresizePX.dll

[2009/11/13 10:28:37 | 000,200,704 | ---- | C] () -- C:\WINNT\System32\IVIresizeA6.dll

[2009/11/13 10:28:37 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeM6.dll

[2009/11/13 10:28:37 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\IVIresize.dll

[2008/04/10 13:49:28 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini

[2008/03/12 12:33:55 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig

[2008/03/12 12:24:33 | 000,000,231 | ---- | C] () -- C:\WINNT\multi.ini

[2008/03/12 10:09:30 | 000,004,096 | ---- | C] () -- C:\WINNT\cchmvmsg.dll

[2008/03/12 10:06:08 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4831.dll

[2008/03/12 10:06:07 | 000,910,304 | ---- | C] () -- C:\WINNT\System32\igmedkrn.dll

[2008/02/12 13:01:44 | 000,141,888 | ---- | C] () -- C:\WINNT\System32\NovPwd32.dll

[2008/02/12 13:00:38 | 000,220,096 | ---- | C] () -- C:\WINNT\System32\drivers\prot_2k.sys

[2005/11/04 11:21:48 | 000,197,672 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll

[2005/11/04 11:21:24 | 000,189,480 | ---- | C] () -- C:\WINNT\System32\CSGina.dll

[2004/09/22 12:17:35 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini

[2004/06/22 15:38:18 | 000,335,872 | ---- | C] () -- C:\WINNT\btnotes.dll

[2004/06/19 12:52:14 | 000,221,184 | ---- | C] () -- C:\WINNT\exDirectory.dll

[2004/06/19 12:49:08 | 000,073,728 | ---- | C] () -- C:\WINNT\BTAdmin.dll

[2004/06/19 12:49:06 | 000,102,400 | ---- | C] () -- C:\WINNT\BTProgressDialog.DLL

[2004/04/20 13:03:20 | 000,053,248 | ---- | C] () -- C:\WINNT\BTCMTHook.dll

[2003/06/02 21:47:48 | 000,020,480 | ---- | C] () -- C:\WINNT\BTisoTranslate.dll

[2003/06/02 17:45:34 | 000,045,056 | ---- | C] () -- C:\WINNT\btcheck.dll

[2003/06/02 17:45:32 | 000,040,960 | ---- | C] () -- C:\WINNT\btbreak.dll

[2001/05/31 12:18:28 | 000,262,202 | ---- | C] () -- C:\WINNT\btprog.dll

[2000/06/05 16:41:22 | 000,028,672 | ---- | C] () -- C:\WINNT\BTwwait.dll

[1998/12/30 12:15:56 | 000,009,216 | ---- | C] () -- C:\WINNT\libcomm.dll

< End of report >


Hi!

Here's the Combofix.txt attachment. I also could NOT disable my antivirus, since I don't have the authority to. I kept getting some errors when downloading, but I finally managed to save Combofix and then run it. Let me know if you would like me to attach that error message as well. I saved the screenshot. Something about Artemis.

Combofix.txt


Hi!

The admins will not disable it, because it would mean I am seeking tech support from outside of my company, which is against the policies.

I ran MBAM today after 5 days. It still shows the error. Are you indicating that without disabling the antivirus, Combofix will not run/do what it's supposed to? Here's the Artemis error screenshot I am getting (see attachment). Thanks!


Hi, no, I didn't mean your antivirus. I meant the registry restrictions that are set to disable System Restore, which must have been set by the administrators; we can do nothing from your account to get rid of them.

What error are you referring to? Is it the same MBAM detection that you are talking about? What MBAM is detecting is the registry setting that disables System Restore.

There is no attachment that I can see.


Hi!

I am sorry you didn't see the attachment. The forum log showed that the attachment had been uploaded. I deleted the file after uploading so now I don't have it.

What do you suggest as the next step? Should I just live with it since I cannot enable system restore? Thanks!


Well, pretty much you will have to, lol.

It really isn't much of a big deal; you just won't be able to do a System Restore should something go wrong.

Either way, they more than likely have an image of the system to simply restore it if needed.

Otherwise anything else wrong with the system?

How is it running?


It's running just fine! No other problems. I have also stayed away from those sites which I think got me the virus problem I reported earlier.

I do see the system giving me an error that says I have booted in safe mode, and it does not let me uninstall stuff like iTunes or QuickTime. I know I am booting normally. Oh well!

Thanks!
