
Windows Server 2003 - login issues, can't access windows update si


This topic is locked

#1 toddalmond (Member, 17 posts)
Hi all,

Windows Server 2003 R2 SP2 32 bit

After a number of hours the box will fail to log anyone in: after submitting login credentials, the login dialog box disappears, just leaving the blue background. A hard shutdown is required to fix it. Nothing in the event logs. Also, attempts to get to windowsupdate.microsoft.com fail: "Internet Explorer cannot display the webpage".

One last thing - Malwarebytes is blocking attempts (in the background) to connect to 91.212.226.67 & 94.228.209.201 - in Russia and Amsterdam respectively.

Ran TFC and ERUNT.

Malwarebytes log follows:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3933

Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.11

3/30/2010 11:55:31 AM
mbam-log-2010-03-30 (11-55-31).txt

Scan type: Quick scan
Objects scanned: 627315
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*******************

no GMER log - GMER crashes server to bluescreen - see http://www.geekstogo...03-t272790.html

*******************

OTL.txt follows:

OTL logfile created on: 3/30/2010 4:43:36 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Administrator.IONALTD\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.67 Gb Total Space | 24.73 Gb Free Space | 36.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IONA-CTX
Current User Name: administrator
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/29 09:01:00 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/29 09:00:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/15 13:00:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.IONALTD\Desktop\OTL.exe
PRC - [2010/03/10 14:22:21 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/10 14:22:21 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/10 14:22:21 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/10 14:22:21 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/10 14:22:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/01 16:31:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 16:31:29 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/08/23 01:00:00 | 000,091,432 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2009/04/05 09:41:12 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
PRC - [2009/04/05 09:07:48 | 000,320,832 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
PRC - [2009/04/04 21:31:14 | 000,020,480 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\HealthMon\HCAService.exe
PRC - [2009/04/04 21:15:14 | 000,102,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\wfshell.exe
PRC - [2009/04/04 21:15:08 | 000,036,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\ctxactivesync.exe
PRC - [2009/04/04 21:11:10 | 000,031,744 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\ctxxmlss.exe
PRC - [2009/04/04 21:09:14 | 000,172,032 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\encsvc.exe
PRC - [2009/04/04 21:04:56 | 000,061,440 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\cdmsvc.exe
PRC - [2009/04/04 21:04:06 | 000,360,448 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\CpSvc.exe
PRC - [2009/04/04 21:02:10 | 000,421,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mfcom.exe
PRC - [2009/04/03 18:01:56 | 000,147,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
PRC - [2009/03/17 18:59:08 | 001,836,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
PRC - [2009/03/17 18:58:58 | 000,033,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Licensing\LS\CtxLSPortSvc.exe
PRC - [2009/03/16 08:23:36 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat6.exe
PRC - [2009/03/06 14:39:18 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
PRC - [2009/03/06 14:39:00 | 001,631,568 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Licensing\LS\CITRIX.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/01/10 13:03:10 | 001,081,344 | ---- | M] (Accubid Systems) -- C:\Program Files\Accubid\Accubid Security\SecurityService2.exe
PRC - [2007/03/08 11:38:06 | 000,015,872 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\XTE\bin\XTE.exe
PRC - [2007/03/08 11:37:44 | 000,032,768 | ---- | M] (Citrix Systems Inc.) -- C:\Program Files\Citrix\Sma\SmaService.exe
PRC - [2007/03/08 11:37:26 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2007/03/07 22:31:24 | 000,737,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
PRC - [2007/02/17 08:04:09 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2007/02/17 08:03:56 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/17 08:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2007/02/17 08:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2007/02/17 08:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/24 16:28:46 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ServerAppliance\appmgr.exe
PRC - [2005/03/24 16:28:46 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ServerAppliance\elementmgr.exe
PRC - [2003/03/24 23:10:10 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 13:00:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.IONALTD\Desktop\OTL.exe
MOD - [2009/04/05 09:52:58 | 000,938,120 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\twnhook.dll
MOD - [2009/04/04 21:55:54 | 000,019,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\tzhook.dll
MOD - [2009/04/04 21:55:54 | 000,010,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\wdmaudhook.dll
MOD - [2009/04/04 21:55:52 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\scardhook.dll
MOD - [2009/04/04 21:55:52 | 000,069,632 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mmhook.dll
MOD - [2009/04/01 17:30:14 | 000,251,208 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mfaphook.dll
MOD - [2009/03/31 15:03:38 | 000,496,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\CtxSbxHook.DLL
MOD - [2007/03/08 11:37:58 | 000,008,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\cxinjime.dll
MOD - [2007/02/18 00:26:08 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
MOD - [2007/02/17 08:03:20 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007/02/17 08:03:15 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tsappcmp.dll
MOD - [2006/07/11 19:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Running] -- -- (CitrixXTEServer)
SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/10 14:22:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/08 01:00:00 | 000,042,280 | ---- | M] (Sage) [On_Demand | Stopped] -- C:\Program Files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe -- (Simply Accounting Transaction Manager 2010 - CDN)
SRV - [2009/10/01 16:31:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/23 01:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2009/04/05 09:42:18 | 000,160,016 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe -- (ctxcpuSched)
SRV - [2009/04/05 09:42:08 | 000,053,520 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe -- (CTXCPUBal)
SRV - [2009/04/05 09:41:12 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe -- (IMAService)
SRV - [2009/04/05 09:07:48 | 000,320,832 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2009/04/04 21:31:14 | 000,020,480 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\HealthMon\HCAService.exe -- (CitrixHealthMon)
SRV - [2009/04/04 21:26:40 | 000,139,264 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe -- (Citrix Virtual Memory Optimization)
SRV - [2009/04/04 21:15:08 | 000,036,864 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\CtxActiveSync.exe -- (CtxActiveSync)
SRV - [2009/04/04 21:11:10 | 000,031,744 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\ctxxmlss.exe -- (CtxHttp)
SRV - [2009/04/04 21:09:14 | 000,172,032 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\system32\encsvc.exe -- (Citrix Encryption Service)
SRV - [2009/04/04 21:04:56 | 000,061,440 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\cdmsvc.exe -- (CdmService)
SRV - [2009/04/04 21:04:06 | 000,360,448 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\system32\CpSvc.exe -- (cpsvc)
SRV - [2009/04/04 21:02:10 | 000,421,888 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\mfcom.exe -- (MFCom)
SRV - [2009/04/03 18:01:56 | 000,147,456 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe -- (IMAAdvanceSrv)
SRV - [2009/03/17 18:59:08 | 001,836,400 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe -- (Citrix_GTLicensingProv)
SRV - [2009/03/17 18:58:58 | 000,033,112 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LS\CtxLSPortSvc.exe -- (CtxLSPortSvc)
SRV - [2009/03/16 08:23:36 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat6.exe -- (CTXLMC)
SRV - [2009/03/06 14:39:18 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LS\lmgrd.exe -- (CitrixLicensing)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$CITRIX_METAFRAME) SQL Server (CITRIX_METAFRAME)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/20 23:23:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/01/10 13:03:10 | 001,081,344 | ---- | M] (Accubid Systems) [Auto | Running] -- C:\Program Files\Accubid\Accubid Security\SecurityService2.exe -- (AccubidSecurityServer2)
SRV - [2007/03/08 11:37:44 | 000,032,768 | ---- | M] (Citrix Systems Inc.) [Auto | Running] -- C:\Program Files\Citrix\Sma\SmaService.exe -- (Citrix SMA Service)
SRV - [2007/03/07 22:31:24 | 000,737,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2007/02/17 08:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 08:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 08:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 08:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2007/02/17 08:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 08:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 08:03:42 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/17 08:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/17 08:02:54 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/03/25 06:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2005/03/25 06:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2005/03/24 16:28:46 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ServerAppliance\appmgr.exe -- (appmgr)
SRV - [2005/03/24 16:28:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ServerAppliance\elementmgr.exe -- (elementmgr)
SRV - [2003/03/24 23:10:10 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe -- (srvcsurg)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/05/24 12:08:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.6.cab (DLM Control)
O16 - DPF: {5685BC20-FBE6-11D2-885F-00A0243C2C64} https://pay.adp.ca/p...SpectrumRDC.cab (iVantage Remote Data Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268370207709 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1235971580964 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235971561415 (MUWebControl Class)
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} https://pay.adp.ca/p...mmon/iemenu.cab (PopupMenu Object)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://ar.adp.ca/pa...mon/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A7A61128-0EAA-11D1-B22F-0000C08C00C4} https://pay.adp.ca/p...on/Ssdw3b32.cab (SSDBCombo Control 3.1 - A)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://accubid.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ionaltd.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (mfaphook.dll) - C:\Program Files\Citrix\system32\mfaphook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\ctxgina.dll) - C:\WINDOWS\system32\ctxgina.dll (Citrix Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\MetaFrame: DllName - ctxnotif.dll - C:\Program Files\Citrix\system32\ctxnotif.dll (Citrix Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O30 - LSA: Security Packages - (ctxauth) - C:\WINDOWS\System32\ctxauth.dll (Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/02 18:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##itmnb-023#d\Shell - "" = AutoRun
O33 - MountPoints2\##itmnb-023#d\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##itmnb-023#d\Shell\AutoRun\command - "" = Z:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/26 21:22:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
SystemRestore not available.

========== Files/Folders - Created Within 14 Days ==========

[2010/03/30 13:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.IONALTD\Desktop\anti-malware logs
[2010/03/30 11:45:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 11:45:07 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/30 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/30 11:17:19 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.IONALTD\Desktop\TFC.exe
[2010/03/10 14:18:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/10 14:18:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/10 14:18:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/10 14:18:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/30 16:40:58 | 000,000,462 | RHS- | M] () -- C:\Documents and Settings\Administrator.IONALTD\ntuser.pol
[2010/03/30 16:04:09 | 000,778,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 16:04:09 | 000,625,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 16:04:09 | 000,136,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 15:59:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 15:59:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 15:57:57 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator.IONALTD\NTUSER.DAT
[2010/03/30 15:57:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.IONALTD\ntuser.ini
[2010/03/30 15:57:56 | 003,774,394 | -H-- | M] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\IconCache.db
[2010/03/30 12:45:51 | 184,590,336 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/30 11:45:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/30 11:37:51 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Administrator.IONALTD\Desktop\Shortcut to it$ on env-cgy-fs001.lnk
[2010/03/30 05:36:19 | 058,253,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/21 14:37:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/19 18:24:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job

========== Files Created - No Company Name ==========

[2010/03/30 12:17:24 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator.IONALTD\Desktop\gmer.exe
[2010/03/30 11:45:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 14:10:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2009/10/02 11:25:55 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/10/02 11:22:30 | 000,423,936 | ---- | C] () -- C:\WINDOWS\System32\eST3snm6.dll
[2009/07/08 00:00:44 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2009/07/07 16:43:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\BiosMsg.dll
[2009/06/25 16:27:33 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 22:27:20 | 000,004,592 | ---- | C] () -- C:\Program Files\Common Files\radecom.tlb
[2008/11/16 04:29:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\OutAboutOutlook.INI
[2008/09/10 14:49:40 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2008/08/15 13:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/07/15 17:57:46 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/07 18:05:15 | 000,561,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/06/07 16:32:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AISAWFileMap.dll
[2008/05/08 15:57:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2008/05/08 14:11:29 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp6.dll
[2008/05/08 13:23:47 | 000,018,560 | ---- | C] () -- C:\WINDOWS\System32\HPZuci12.dll
[2008/05/08 10:06:14 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sugg1l3.dll
[2008/05/06 12:02:03 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\fusioncache.dat
[2008/01/16 15:17:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2008/01/16 15:17:05 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2008/01/16 15:16:57 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2007/10/02 13:56:38 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/25 10:21:51 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/09/13 14:28:21 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2007/08/30 17:53:22 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/30 14:53:56 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/30 14:53:56 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/08/30 14:53:56 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/17 23:31:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/17 23:12:10 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/18 00:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/12 12:14:56 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\haspds_msi.dll
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2005/05/02 17:46:18 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2005/05/02 17:46:12 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2005/05/02 17:46:12 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2005/05/02 17:46:12 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2005/05/02 17:46:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2005/05/02 17:45:58 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini

========== LOP Check ==========

[2009/05/31 15:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\Accubid
[2008/06/06 12:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\Autodesk
[2010/03/10 20:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\AVG9
[2009/07/01 00:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\Citrix
[2007/09/07 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\CitrixMMC
[2007/09/26 11:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\ICAClient
[2010/02/01 17:38:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\lowsec
[2008/02/12 00:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\ScanSoft
[2008/11/13 12:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IONALTD\Application Data\webex
[2008/07/15 17:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Accubid
[2009/06/30 12:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/06/07 18:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/05/30 10:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/03/10 14:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/30 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4AEB55CD
[2007/09/14 15:30:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/08 14:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/06/03 16:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/09/13 13:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage Software
[2007/12/13 20:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2007/08/30 17:54:01 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\Memory Optimization Schedule.job
[2010/03/30 15:58:00 | 000,032,582 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010/03/19 18:24:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/02/17 08:03:48 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\msizap.exe


< MD5 for: AGP440.SYS >
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:AGP440.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp1.cab:AGP440.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2007/02/16 23:58:53 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007/02/16 23:58:53 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2007/02/16 23:58:53 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=B9985042687A43685FC64B282B627653 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp1.cab:atapi.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2005/03/24 18:55:32 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2007/02/17 00:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007/02/17 00:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\dllcache\atapi.sys
[2007/02/17 00:07:35 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/02/17 08:02:49 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007/02/17 08:02:49 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007/02/17 08:02:49 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/02/17 08:03:02 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007/02/17 08:03:02 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007/02/17 08:03:02 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007/02/17 08:03:09 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007/02/17 08:03:09 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007/02/17 08:03:09 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:symmpi.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys
[2005/03/25 06:00:00 | 014,191,965 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp1.cab:symmpi.sys
[2007/09/26 21:20:01 | 019,481,285 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:symmpi.sys
[2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\ServicePackFiles\i386\symmpi.sys
[2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\system32\dllcache\symmpi.sys
[2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\system32\drivers\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/05/02 17:50:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/05/02 17:50:38 | 000,741,376 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/02 17:50:38 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

#2
toddalmond (Topic Starter, Member, 17 posts)
PS - for whatever reason, OTL did not generate the Extras.txt file.

#3
toddalmond (Topic Starter, Member, 17 posts)
Running GMER in safe mode but I can't click on "Save..." because the window resolution is too low and there's no vertical scroll bar to uncover the button. Can't tab to the button, tab only toggles between OK and Cancel. I was just barely able to click on "Scan" button.

#4
toddalmond (Topic Starter, Member, 17 posts)
Let GMER take up 99% CPU for 30 minutes in safe mode. Killed it from task manager since there was no way to save anything anyway. How long should it take? Is there any other way to save the log? (If I can get it to finish)
Any help would be appreciated.

#5
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello toddalmond,

Welcome to Geekstogo.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [] File not found
    O33 - MountPoints2\##itmnb-023#d\Shell - "" = AutoRun
    O33 - MountPoints2\##itmnb-023#d\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##itmnb-023#d\Shell\AutoRun\command - "" = Z:\autorun.exe -- File not found
    
    :Services
    IISADMIN
    
    :Files
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Under the Extra Registry check the Use Safe List box
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you - OTL.txt and Extras.txt
    Post the logs here.
So when you return please post
  • OTL fix log
  • OTL scan logs - OTL.txt and Extras.txt

#6
toddalmond (Topic Starter, Member, 17 posts)
Bear with me - I'm currently on vacation, be back sometime next week.

#7
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
No problem, I will keep the topic open at least until then. :)

#8
toddalmond (Topic Starter, Member, 17 posts)
Oops.

Edited by emeraldnzl, 07 June 2010 - 06:57 PM.
wrong forum

#9
toddalmond (Topic Starter, Member, 17 posts)
OTL fix log...

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##itmnb-023#d\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##itmnb-023#d\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##itmnb-023#d\ not found.
File Z:\autorun.exe not found.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service IISADMIN!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\inetsrv\inetinfo.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator.IONALTD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1945820 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: blumley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: bstcyr
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: civory
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: cobrien
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ctx_cpsvcuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 40456 bytes
->Flash cache emptied: 0 bytes

User: fhoffman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: itsupport
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jdickhaut
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: krand
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lforrest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mrees
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: sabdelrahman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: talmond
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78010 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.37.1 log created on 06072010_172318

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\hsperfdata_LOCAL SERVICE\1620 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\JETC1A0.tmp not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


*******************
OTL.txt scan log...

OTL logfile created on: 6/7/2010 5:32:31 PM - Run 4
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Administrator.IONALTD\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.67 Gb Total Space | 38.52 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IONA-CTX
Current User Name: administrator
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/01 09:01:44 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/01 09:01:44 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/01 09:01:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/01 09:01:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/01 09:01:42 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/29 15:24:52 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/15 13:00:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.IONALTD\Desktop\OTL.exe
PRC - [2010/03/10 14:22:21 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/10 14:22:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/01 16:31:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 16:31:29 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2009/04/05 09:41:12 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
PRC - [2009/04/05 09:07:48 | 000,320,832 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
PRC - [2009/04/04 21:31:14 | 000,020,480 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\HealthMon\HCAService.exe
PRC - [2009/04/04 21:15:14 | 000,102,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\wfshell.exe
PRC - [2009/04/04 21:15:08 | 000,036,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\ctxactivesync.exe
PRC - [2009/04/04 21:11:10 | 000,031,744 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\ctxxmlss.exe
PRC - [2009/04/04 21:09:14 | 000,172,032 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\encsvc.exe
PRC - [2009/04/04 21:04:06 | 000,360,448 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\CpSvc.exe
PRC - [2009/04/04 21:02:10 | 000,421,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mfcom.exe
PRC - [2009/04/03 18:01:56 | 000,147,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
PRC - [2009/03/17 18:59:08 | 001,836,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
PRC - [2009/03/17 18:58:58 | 000,033,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Licensing\LS\CtxLSPortSvc.exe
PRC - [2009/03/16 08:23:36 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat6.exe
PRC - [2009/03/06 14:39:18 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
PRC - [2009/03/06 14:39:00 | 001,631,568 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Licensing\LS\CITRIX.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/01/10 13:03:10 | 001,081,344 | ---- | M] (Accubid Systems) -- C:\Program Files\Accubid\Accubid Security\SecurityService2.exe
PRC - [2007/03/08 11:38:06 | 000,015,872 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\XTE\bin\XTE.exe
PRC - [2007/03/08 11:37:26 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2007/02/17 08:03:56 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/17 08:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2007/02/17 08:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 13:00:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.IONALTD\Desktop\OTL.exe
MOD - [2009/04/05 09:52:58 | 000,938,120 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\twnhook.dll
MOD - [2009/04/04 21:55:54 | 000,019,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\tzhook.dll
MOD - [2009/04/04 21:55:54 | 000,010,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\wdmaudhook.dll
MOD - [2009/04/04 21:55:52 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\scardhook.dll
MOD - [2009/04/04 21:55:52 | 000,069,632 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mmhook.dll
MOD - [2009/04/01 17:30:14 | 000,251,208 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\mfaphook.dll
MOD - [2009/03/31 15:03:38 | 000,496,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\CtxSbxHook.DLL
MOD - [2007/03/08 11:37:58 | 000,008,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\System32\cxinjime.dll
MOD - [2007/02/18 00:26:08 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll
MOD - [2007/02/17 08:03:20 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2007/02/17 08:03:15 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tsappcmp.dll
MOD - [2006/07/11 19:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Running] -- -- (CitrixXTEServer)
SRV - [2010/03/29 15:24:54 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/10 14:22:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/05 14:58:12 | 000,738,120 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2009/10/01 16:31:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2009/04/05 09:42:18 | 000,160,016 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe -- (ctxcpuSched)
SRV - [2009/04/05 09:42:08 | 000,053,520 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe -- (CTXCPUBal)
SRV - [2009/04/05 09:41:12 | 000,122,880 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe -- (IMAService)
SRV - [2009/04/05 09:07:48 | 000,320,832 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2009/04/04 21:31:14 | 000,020,480 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\HealthMon\HCAService.exe -- (CitrixHealthMon)
SRV - [2009/04/04 21:26:40 | 000,139,264 | ---- | M] (Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe -- (Citrix Virtual Memory Optimization)
SRV - [2009/04/04 21:15:08 | 000,036,864 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\CtxActiveSync.exe -- (CtxActiveSync)
SRV - [2009/04/04 21:11:10 | 000,031,744 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\ctxxmlss.exe -- (CtxHttp)
SRV - [2009/04/04 21:09:14 | 000,172,032 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\system32\encsvc.exe -- (Citrix Encryption Service)
SRV - [2009/04/04 21:04:56 | 000,061,440 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\System32\cdmsvc.exe -- (CdmService)
SRV - [2009/04/04 21:04:06 | 000,360,448 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\system32\CpSvc.exe -- (cpsvc)
SRV - [2009/04/04 21:02:10 | 000,421,888 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\mfcom.exe -- (MFCom)
SRV - [2009/04/03 18:01:56 | 000,147,456 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe -- (IMAAdvanceSrv)
SRV - [2009/03/17 18:59:08 | 001,836,400 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe -- (Citrix_GTLicensingProv)
SRV - [2009/03/17 18:58:58 | 000,033,112 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LS\CtxLSPortSvc.exe -- (CtxLSPortSvc)
SRV - [2009/03/16 08:23:36 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\tomcat6.exe -- (CTXLMC)
SRV - [2009/03/06 14:39:18 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\Citrix\Licensing\LS\lmgrd.exe -- (CitrixLicensing)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$CITRIX_METAFRAME) SQL Server (CITRIX_METAFRAME)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/20 23:23:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/01 09:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 09:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/01/10 13:03:10 | 001,081,344 | ---- | M] (Accubid Systems) [Auto | Running] -- C:\Program Files\Accubid\Accubid Security\SecurityService2.exe -- (AccubidSecurityServer2)
SRV - [2007/03/08 11:37:44 | 000,032,768 | ---- | M] (Citrix Systems Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Sma\SmaService.exe -- (Citrix SMA Service)
SRV - [2007/02/17 08:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 08:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 08:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 08:03:43 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2007/02/17 08:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 08:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 08:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/17 08:02:54 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/03/25 06:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2005/03/25 06:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - [2010/06/01 09:01:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/01 09:01:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/10 14:22:42 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/10 14:22:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/01 16:31:30 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/15 11:46:24 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/28 11:32:42 | 000,026,112 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dcdbas32.sys -- (dcdbas)
DRV - [2009/04/17 21:42:58 | 000,027,312 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2009/04/17 21:42:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2009/04/05 09:52:58 | 000,301,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdica.sys -- (WDICA)
DRV - [2009/04/05 09:52:58 | 000,021,720 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdcrypt1.sys -- (pdcrypt1)
DRV - [2009/04/05 09:52:58 | 000,019,416 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\icareduc.sys -- (icareduc)
DRV - [2009/04/05 09:52:58 | 000,018,648 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdrframe.sys -- (PDRFRAME)
DRV - [2009/04/05 09:52:58 | 000,009,680 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\icacdd.sys -- (IcaCDD)
DRV - [2009/04/05 09:52:56 | 000,032,216 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxrmpn.sys -- (CtxRMPN)
DRV - [2009/04/05 09:52:56 | 000,016,728 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxsmcdrv.sys -- (ctxsmcdrv)
DRV - [2009/04/05 09:49:08 | 000,186,832 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdcrypt2.sys -- (pdcrypt2)
DRV - [2009/04/05 09:48:22 | 000,061,520 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxaltstr.sys -- (ctxaltstr)
DRV - [2009/04/05 09:48:16 | 000,379,592 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\cdm.sys -- (Cdm)
DRV - [2009/04/05 09:07:46 | 000,027,672 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)
DRV - [2009/03/31 15:04:06 | 000,186,912 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)
DRV - [2009/03/31 15:03:52 | 000,022,816 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)
DRV - [2009/02/10 13:10:04 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/15 17:57:46 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/05/08 07:27:43 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2007/03/08 11:37:58 | 000,017,672 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdcomp.sys -- (PDCOMP)
DRV - [2007/02/20 12:01:04 | 000,375,296 | R--- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/02/17 00:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/17 00:07:34 | 000,009,216 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2007/02/17 00:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/16 23:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2006/12/22 10:23:34 | 000,050,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bxnd52x.sys -- (l2nd)
DRV - [2006/12/22 10:14:02 | 000,033,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bxdiagx.sys -- (b06diag)
DRV - [2006/12/15 11:53:00 | 000,021,504 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\percsas.sys -- (percsas)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/04/06 04:03:54 | 001,431,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/24 19:26:12 | 000,029,184 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (symmpi)
DRV - [2005/03/24 19:25:36 | 000,028,160 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2005/03/24 19:14:50 | 000,026,624 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2005/03/24 19:14:50 | 000,024,064 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2005/03/24 19:12:56 | 000,708,608 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2005/03/24 19:07:54 | 000,036,352 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2005/03/24 19:07:24 | 000,024,064 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2005/03/24 19:06:56 | 000,113,664 | ---- | M] (Emulex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys -- (lp6nds35)
DRV - [2005/03/24 19:05:10 | 000,027,648 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys -- (ipsraidn)
DRV - [2005/03/24 19:05:04 | 000,031,744 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2005/03/24 19:04:26 | 000,023,552 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\hpcisss.sys -- (hpcisss)
DRV - [2005/03/24 19:00:52 | 000,024,064 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2005/03/24 18:58:22 | 000,018,432 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys -- (cpqcissm)
DRV - [2005/03/24 18:55:32 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2005/03/24 18:55:30 | 000,043,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\arc.sys -- (arc)
DRV - [2005/03/24 18:55:26 | 000,134,144 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2003/03/25 00:13:08 | 000,022,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys -- (dellcerc)
DRV - [2003/03/25 00:13:08 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/03/25 00:13:06 | 000,069,632 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys -- (cpqfcalm)
DRV - [2003/03/25 00:13:04 | 000,015,360 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys -- (cpqarry2)
DRV - [2003/03/25 00:05:22 | 000,221,696 | ---- | M] (Agilent Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\afcnt.sys -- (afcnt)
DRV - [2003/03/25 00:05:16 | 000,039,424 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2003/03/25 00:05:14 | 000,048,640 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/03/25 00:05:14 | 000,041,472 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/03/25 00:05:12 | 000,154,624 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql2200.sys -- (ql2200)
DRV - [2003/03/25 00:05:12 | 000,130,560 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql2100.sys -- (ql2100)
DRV - [2003/03/25 00:05:12 | 000,050,688 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/03/25 00:05:08 | 000,054,272 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/03/25 00:05:00 | 000,016,384 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2003/03/25 00:04:50 | 000,007,168 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/07 17:24:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.6.cab (DLM Control)
O16 - DPF: {5685BC20-FBE6-11D2-885F-00A0243C2C64} https://pay.adp.ca/p...SpectrumRDC.cab (iVantage Remote Data Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268370207709 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1235971580964 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235971561415 (MUWebControl Class)
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} https://pay.adp.ca/p...mmon/iemenu.cab (PopupMenu Object)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://ar.adp.ca/pa...mon/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A7A61128-0EAA-11D1-B22F-0000C08C00C4} https://pay.adp.ca/p...on/Ssdw3b32.cab (SSDBCombo Control 3.1 - A)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://accubid.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ionaltd.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (mfaphook.dll) - C:\Program Files\Citrix\system32\mfaphook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\ctxgina.dll) - C:\WINDOWS\system32\ctxgina.dll (Citrix Systems, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\MetaFrame: DllName - ctxnotif.dll - C:\Program Files\Citrix\system32\ctxnotif.dll (Citrix Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O30 - LSA: Security Packages - (ctxauth) - C:\WINDOWS\System32\ctxauth.dll (Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/02 18:00:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/07 17:00:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/10 14:18:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/10 14:18:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/10 14:18:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/10 14:18:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/06/07 17:31:26 | 000,778,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/07 17:31:26 | 000,625,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/07 17:31:26 | 000,136,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/07 17:29:03 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Administrator.IONALTD\NTUSER.DAT
[2010/06/07 17:29:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.IONALTD\ntuser.ini
[2010/06/07 17:27:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 17:24:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/07 17:11:38 | 004,294,886 | -H-- | M] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\IconCache.db
[2010/06/07 16:33:25 | 060,811,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/03 17:36:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/01 09:01:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/01 09:01:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/16 23:04:56 | 000,000,462 | RHS- | M] () -- C:\Documents and Settings\Administrator.IONALTD\ntuser.pol

========== Files Created - No Company Name ==========

[2009/11/23 14:10:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2009/10/02 11:25:55 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\eST3snm.dll
[2009/10/02 11:22:30 | 000,423,936 | ---- | C] () -- C:\WINDOWS\System32\eST3snm6.dll
[2009/07/08 00:00:44 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2009/07/07 16:43:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\BiosMsg.dll
[2009/06/25 16:27:33 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 22:27:20 | 000,004,592 | ---- | C] () -- C:\Program Files\Common Files\radecom.tlb
[2008/11/16 04:29:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\OutAboutOutlook.INI
[2008/09/10 14:49:40 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2008/08/15 13:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/07/15 17:57:46 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/06/07 18:05:15 | 000,561,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/06/07 16:32:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AISAWFileMap.dll
[2008/05/08 15:57:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2008/05/08 14:11:29 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp6.dll
[2008/05/08 13:23:47 | 000,018,560 | ---- | C] () -- C:\WINDOWS\System32\HPZuci12.dll
[2008/05/08 10:06:14 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sugg1l3.dll
[2008/05/06 12:02:03 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Administrator.IONALTD\Local Settings\Application Data\fusioncache.dat
[2008/01/16 15:17:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2008/01/16 15:17:05 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2008/01/16 15:16:57 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2007/10/02 13:56:38 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/25 10:21:51 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/09/13 14:28:21 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2007/08/30 17:53:22 | 000,000,245 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/30 14:53:56 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/30 14:53:56 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/08/30 14:53:56 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/17 23:31:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/17 23:12:10 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/18 00:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/12 12:14:56 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\haspds_msi.dll
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2005/05/02 17:46:18 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2005/05/02 17:46:12 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2005/05/02 17:46:12 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2005/05/02 17:46:12 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2005/05/02 17:46:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2005/05/02 17:45:58 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
< End of report >


**********************
extras.txt scan log...

OTL Extras logfile created on: 6/7/2010 5:32:31 PM - Run 4
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Administrator.IONALTD\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.67 Gb Total Space | 38.52 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IONA-CTX
Current User Name: administrator
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Citrix\system32\iexplore.exe (Citrix Systems, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [open] -- "C:\Program Files\Citrix\system32\iexplore.exe" "%1" (Citrix Systems, Inc.)
htmlfile [opennew] -- "C:\Program Files\Citrix\system32\iexplore.exe" "%1" (Citrix Systems, Inc.)
http [open] -- "C:\Program Files\Citrix\system32\iexplore.exe" "%1" (Citrix Systems, Inc.)
https [open] -- "C:\Program Files\Citrix\system32\iexplore.exe" "%1" (Citrix Systems, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9089:TCP" = 9089:TCP:*:Enabled:VMware vCenter Converter Standalone Agent - Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1101EE32-E1BA-4E5C-B069-AA7E753D1E30}" = Symantec Backup Exec Remote Agent for Windows Systems
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1273A2F6-496E-4F36-92F5-06BCE138BBCB}" = Management Console for Citrix Presentation Server 4.5
"{12F924FF-D5C4-461C-BE73-89C9228BB343}" = Citrix Presentation Server - Administration Snap-in
"{13AD0029-FB8E-470E-9EFE-84DA4F5A54AB}" = IBM OnDemand AFP Web Viewer
"{142E0726-73B2-4CD5-95BE-8B018801886C}" = Simply Accounting by Sage 2009
"{23AED65D-3B51-4BE9-BA08-403A6F8D719D}" = Accubid v9.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{34D133E0-4984-42C7-8B52-2934837F6F61}" = Citrix Presentation Server - Presentation Server Reports
"{37C11957-8228-4119-888D-3EA6B742BD9C}" = Simply Accounting by Sage 2009
"{40E9841C-CF57-4B88-8A06-F944D322E92E}" = Citrix Access Management Console - Hotfix Management
"{43F11231-708E-4EFB-B675-B0397A394F78}" = Broadcom Drivers and Management Applications
"{44412985-02EE-4824-9EA5-B2AF6D98924E}" = Citrix Presentation Server for Windows
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5436F894-39CC-41D7-AEFC-AF5E2C7F0852}" = Citrix Access Management Console - Framework
"{557E05DF-F2E6-410A-8C35-2E73552110C8}" = Citrix Access Management Console - Knowledge Base
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (CITRIX_METAFRAME)
"{6E619BFE-20CA-448A-A0D0-B8ADD42D168A}" = Citrix Web Interface
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{760D0614-9608-4637-919B-3573FC0F0D87}" = Citrix Access Management Console - Legacy Tools
"{7BDE499A-3CE1-4505-99ED-147864DA4955}" = Simply Accounting by Sage 2008
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA9207-A30A-4158-9640-8886AA9BD86F}" = Citrix Licensing
"{9B5AEAE3-8CE1-4524-A7C4-1CFD2B98F1E9}" = Citrix Access Management Console - Diagnostics
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F524F2F-2B6F-4D57-B76A-1D0C175F726E}" = Citrix Access Management Console - Web Interface
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A4F8313B-0E21-478B-B289-BFB7736CA7AA}" = Remote Administration Tools
"{ABC0EFE1-B5D2-4A52-AC20-E1F111CBC4BF}" = Citrix Presentation Server Document Center
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{DA83FEB1-B397-461D-B120-7B996E83ADEE}" = Simply Accounting by Sage 2008
"{DF3FEF48-918A-4510-AEF7-4AD6B91096D9}" = VMware vCenter Converter Standalone Agent
"{E2B88EA8-20B7-40EB-9DDB-269CE4730106}" = Citrix License Server Administration
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F0B2CBE2-BBA4-4409-B246-EC64BCB33BD3}" = Accubid Security 2.0
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FAE589B8-1227-4501-BA0D-46B9677F2C93}" = Citrix Access Management Console - Report Center
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"Business-in-a-Box" = Business-in-a-Box
"Dell PowerEdge Diagnostics" = Dell Online Diagnostics 2.14
"ERUNT_is1" = ERUNT 1.1j
"HASP Device Drivers" = HASP Device Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PlanWin32" = Twiddlebit Plan for Windows
"PSE450W2K3R01" = Citrix Hotfix Rollup Pack PSE450W2K3R01
"PSE450W2K3R02" = Citrix Hotfix Rollup Pack PSE450W2K3R02
"PSE450W2K3R03" = Citrix Hotfix Rollup Pack PSE450W2K3R03
"PSE450W2K3R04" = Citrix Hotfix Rollup Pack PSE450W2K3R04
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Remote Agent for Windows Servers" = Symantec Backup Exec Remote Agent for Windows Systems
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2010 6:55:36 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1110
Description = Attempt to determine whether user and machine accounts are in the
same forest failed (The interface is unknown. ).

Error - 6/7/2010 7:05:51 PM | Computer Name = IONA-CTX | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.37.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2010 7:15:52 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The system detected
a possible attempt to compromise security. Please ensure that you can contact
the server that authenticated you. ). Group Policy processing aborted.

Error - 6/7/2010 7:17:31 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1110
Description = Attempt to determine whether user and machine accounts are in the
same forest failed (The interface is unknown. ).

Error - 6/7/2010 7:18:24 PM | Computer Name = IONA-CTX | Source = MetaframeEvents | ID = 1250
Description = Failed to get domain trust information for this server.

Error - 6/7/2010 7:21:36 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1110
Description = Attempt to determine whether user and machine accounts are in the
same forest failed (The interface is unknown. ).

Error - 6/7/2010 7:27:30 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The system detected
a possible attempt to compromise security. Please ensure that you can contact
the server that authenticated you. ). Group Policy processing aborted.

Error - 6/7/2010 7:27:51 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1110
Description = Attempt to determine whether user and machine accounts are in the
same forest failed (The interface is unknown. ).

Error - 6/7/2010 7:29:30 PM | Computer Name = IONA-CTX | Source = Userenv | ID = 1110
Description = Attempt to determine whether user and machine accounts are in the
same forest failed (The interface is unknown. ).

Error - 6/7/2010 7:30:13 PM | Computer Name = IONA-CTX | Source = MetaframeEvents | ID = 1250
Description = Failed to get domain trust information for this server.

[ OSession Events ]
Error - 4/29/2009 9:44:19 AM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 4/29/2009 12:30:32 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 4/29/2009 2:52:08 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/1/2009 4:25:07 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/1/2009 4:25:18 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/1/2009 6:40:38 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/5/2009 1:43:59 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/5/2009 5:56:52 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/5/2009 5:59:45 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 5/5/2009 6:01:13 PM | Computer Name = IONA-CTX | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 6/7/2010 7:28:58 PM | Computer Name = IONA-CTX | Source = Service Control Manager | ID = 7003
Description = The HTTP SSL service depends on the following nonexistent service:
IISADMIN

Error - 6/7/2010 7:29:33 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver TOSHIBA e-STUDIO4520CSeriesPCL6 required for printer BVE-CGY-Toshiba2330c-PCL
is unknown. Contact the administrator to install the driver before you log in again.

Error - 6/7/2010 7:30:12 PM | Computer Name = IONA-CTX | Source = IMAService | ID = 266141
Description = Installation of the following product failed verification: Citrix
Access Management Console - Web Interface 4.5.0.0. This occurs when the installer
files are missing from the Windows Installer cache. Run a repair on the missing
product from the Add or Remove Programs Control Panel Applet to correct this problem.

Error - 6/7/2010 7:30:16 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 6/7/2010 7:30:16 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver HP Officejet H470 series required for printer HP Officejet
H470 series is unknown. Contact the administrator to install the driver before you
log in again.

Error - 6/7/2010 7:30:16 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver TOSHIBA eS451c/453cSeries PCL5c required for printer ICL-CGY-TOSHIBA281c-PCL5
is unknown. Contact the administrator to install the driver before you log in again.

Error - 6/7/2010 7:30:16 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver TOSHIBA eS451c/453cSeries PSL3 required for printer ICL-CGY-TOSHIBA281c-PSL3
is unknown. Contact the administrator to install the driver before you log in again.

Error - 6/7/2010 7:30:20 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver KIP 2900 required for printer KIP 2900 is unknown. Contact
the administrator to install the driver before you log in again.

Error - 6/7/2010 7:30:21 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver Microsoft XPS Document Writer required for printer Microsoft
XPS Document Writer is unknown. Contact the administrator to install the driver
before you log in again.

Error - 6/7/2010 7:30:21 PM | Computer Name = IONA-CTX | Source = TermServDevices | ID = 1111
Description = Driver PDFCreator required for printer PDFCreator is unknown. Contact
the administrator to install the driver before you log in again.


< End of report >
  • 0
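
Reading the firewall-policy section of the Extras log above: both `EnableFirewall` values are 0, so the Windows Firewall is off in the domain and standard profiles and the exception lists below them are not enforced. The script that follows is an added example, not code from the thread or from OTL; it parses the `[key]` / `"name" = value` listing format OTL uses (`SAMPLE` is an excerpt of the posted log) and flags disabled profiles, ports open to any address and applications allowed from any address. The rules and the wording of the findings are this example's own.

```python
"""Audit the Windows Firewall policy keys as dumped in an OTL Extras log.

Added example, not code from the thread or from OTL. SAMPLE is an excerpt of
the posted log; the checks and their wording are this example's own.
"""
import re

SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9089:TCP" = 9089:TCP:*:Enabled:VMware vCenter Converter Standalone Agent - Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe" = C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
'''

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FW_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# Authorized-application data is "path:scope:Enabled|Disabled:name"; the path
# itself contains a ':' so split on the first ".exe:" rather than on ':'.
APP_RE = re.compile(r"^(.*?\.exe):([^:]*):(Enabled|Disabled):(.*)$", re.IGNORECASE)


def parse_registry_dump(text):
    """Return {key_path: {value_name: data}} from OTL's registry listing."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line.strip())
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit_firewall(keys):
    """List (profile, finding) pairs for the domain and standard profiles."""
    findings = []
    for profile in ("DomainProfile", "StandardProfile"):
        base = f"{FW_ROOT}\\{profile}"
        enabled = keys.get(base, {}).get("EnableFirewall")
        if enabled is None:
            findings.append((profile, "EnableFirewall not present in dump"))
        elif enabled == "0":
            findings.append((profile, "Windows Firewall disabled; exceptions below are not enforced"))
        # Open ports: "port:proto:scope:Enabled|Disabled:name"
        for data in keys.get(f"{base}\\GloballyOpenPorts\\List", {}).values():
            parts = data.split(":", 4)
            if len(parts) == 5 and parts[2] == "*" and parts[3] == "Enabled":
                findings.append((profile, f"port {parts[0]}/{parts[1]} open to any address ({parts[4]})"))
        for data in keys.get(f"{base}\\AuthorizedApplications\\List", {}).values():
            m = APP_RE.match(data)
            if m and m.group(2) == "*" and m.group(3) == "Enabled":
                findings.append((profile, f"{m.group(1)} allowed inbound from any address"))
    return findings


if __name__ == "__main__":
    for profile, msg in audit_firewall(parse_registry_dump(SAMPLE)):
        print(f"[{profile}] {msg}")
```

Run against the full Extras log the same parser reports both profiles disabled, one globally open port (9089/TCP, the vCenter Converter agent) and five AVG/Backup Exec executables allowed from any address. With the profiles off, whatever the box has listening is reachable subject only to the network perimeter, so the exception list is documentation rather than policy until `EnableFirewall` is set back to 1.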

#10
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello toddalmond,

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Next

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0


#11
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
This topic has been re-opened at the request of the user.

Further to my last post please do this now:

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses the Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
  • 0

#13
toddalmond
    Member
  • Topic Starter
  • Member
  • PipPip
  • 17 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 4, 2010
Operating system: Microsoft Windows Server 2003 R2, Standard Edition Service Pack 2 (build 3790)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 04, 2010 15:01:03
Records in database: 4247770
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 100285
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:43:08


File name / Threat / Threats count
C:\Program Files\Citrix\Web Interface\4.5\Clients\en\icawince\cex86\icasetup.x86.CAB Infected: Packed.Win32.Krap.ai 1

Selected area has been scanned.
  • 0

#14
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello again toddalmond,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Program Files\Citrix\Web Interface\4.5\Clients\en\icawince\cex86\icasetup.x86.CAB
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot; please post that log in your next reply and tell me how your machine is now.

  • 0

#15
toddalmond
    Member
  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi emeraldnzl,

I suspected that the infection detected in icasetup.x86.CAB was a false positive, so I ran another scan of that file at virustotal.com; it shows that of 36 virus scanners only Kaspersky sees this file as malicious.

I also submitted the file to the Kaspersky Lab analysts for confirmation and they have replied saying it's a false-positive.

Malwarebytes continues to pop up alerts regarding IPs it is blocking; there are three unique IPs:
94.228.209.200
91.212.226.67
91.212.226.59

Hopefully there is something else we can try... :)
  • 0
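
Malwarebytes reports the remote IP it blocked but not which local process opened the socket, and that is the piece of evidence this thread never gets. On Windows Server 2003 the two pieces come from `netstat -ano` (socket to PID) and `tasklist /svc` (PID to image name and hosted services). The script below is an added example, not part of the thread or of any Malwarebytes tooling; it parses both outputs and joins them on PID against the three IPs toddalmond lists. Both samples are constructed to mimic the tools' output: the PIDs, local addresses, ports and the process name `updsvc.exe` are hypothetical and were not taken from the poster's machine.

```python
"""Map connections to Malwarebytes-blocked IPs back to the owning process.

Added example, not part of the original thread. Both samples are constructed
to mimic `netstat -ano` and `tasklist /svc` on Windows Server 2003; the PIDs,
addresses and the process name "updsvc.exe" are hypothetical.
"""
import re

# The three IPs toddalmond reports Malwarebytes blocking.
BLOCKED_IPS = {"94.228.209.200", "91.212.226.67", "91.212.226.59"}

# Constructed `netstat -ano` output (hypothetical PIDs and ports).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       816
  TCP    0.0.0.0:1494           0.0.0.0:0              LISTENING       1540
  TCP    192.168.1.10:1072      91.212.226.67:80       SYN_SENT        2244
  TCP    192.168.1.10:1075      94.228.209.200:443     ESTABLISHED     2244
  TCP    192.168.1.10:3389      192.168.1.55:52113     ESTABLISHED     1108
  UDP    0.0.0.0:161            *:*                                    1320
"""

# Constructed `tasklist /svc` output ("updsvc.exe" is a made-up name).
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    816 RpcSs
ImaSrv.exe                    1540 IMAService
svchost.exe                   1108 TermService
snmp.exe                      1320 SNMP
updsvc.exe                    2244 N/A
"""

# UDP lines carry no State column, hence the optional group before the PID.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
TASKLIST_RE = re.compile(r"^(\S+\.exe)\s+(\d+)\s+(.*)$", re.IGNORECASE)


def parse_netstat(text):
    """One dict per socket line. The remote IP is split off the last ':' so
    '[::]:port' style entries survive as well as IPv4 ones."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        remote_ip, _, remote_port = foreign.rpartition(":")
        rows.append({"proto": proto, "local": local, "remote_ip": remote_ip.strip("[]"),
                     "remote_port": remote_port, "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """PID -> (image name, service list) from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            image, pid, services = m.groups()
            procs[int(pid)] = (image, services.strip())
    return procs


def attribute_blocked(netstat_text, tasklist_text, blocked_ips):
    """Return {pid: {"image", "services", "remotes"}} for every process that
    owns a socket whose remote address is one of the blocked IPs."""
    procs = parse_tasklist(tasklist_text)
    hits = {}
    for row in parse_netstat(netstat_text):
        if row["remote_ip"] not in blocked_ips:
            continue
        image, services = procs.get(row["pid"], ("<pid not in tasklist>", ""))
        entry = hits.setdefault(row["pid"], {"image": image, "services": services, "remotes": []})
        entry["remotes"].append(f'{row["remote_ip"]}:{row["remote_port"]} {row["state"]}'.strip())
    return hits


if __name__ == "__main__":
    for pid, info in attribute_blocked(NETSTAT_SAMPLE, TASKLIST_SAMPLE, BLOCKED_IPS).items():
        svc = f" [{info['services']}]" if info["services"] not in ("", "N/A") else ""
        print(f"PID {pid} {info['image']}{svc} -> {', '.join(info['remotes'])}")
```

On the live box, capture `netstat -ano > net.txt` and `tasklist /svc > tasks.txt` and feed those files to the two parsers. Malwarebytes blocks at connect time, so the socket can be short-lived; `netstat -ano 5` redisplays every five seconds, and it is worth collecting several snapshots until one of the three IPs appears. A hit on `svchost.exe` means the hosted-services column is the lead; a hit on an image `tasklist` does not explain needs its path and hash next (`tasklist` does not print the path; `wmic process where processid=2244 get executablepath` does).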





