Anti Malware won't run [Solved]


  • This topic is locked

#16
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Can you transfer OTL to your desktop using another computer?
  • 0

#17
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I tried downloading it to my computer which worked. Opening a window to the other computer and copying it. I got the error message "disk full or write protected".
  • 0

#18
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Can you try running it in safe mode?
  • 0

#19
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I'll give it a try... I need to leave the office for a while... I'll try doing it later this afternoon.
  • 0

#20
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
This is weird... I went into safe mode with networking and downloaded otl.exe to the desktop.

Shut down and restarted into normal mode. Went to run OTL and it wasn't on the desktop.

I got the following error message when restarting

Windows Script Host
c:\Program Files\Configuration\ConfigCheck\ScheduleConfig.vbs
system can not find file.
  • 0

#21
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Run OTL in safe mode.
  • 0

#22
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Ok I was able to run it in regular mode... here's the log

OTL logfile created on: 10/31/2009 2:22:50 PM - Run 4
OTL by OldTimer - Version 3.1.1.7 Folder = C:\Documents and Settings\R103470\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.27% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 59.21 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W1115072
Current User Name: R103470
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\R103470\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXMachInv.exe (Altiris)
PRC - C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXInvSoln.exe (Altiris)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
PRC - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\SgLogPlayer.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
PRC - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Win32 Services (SafeList) ==========

SRV - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
SRV - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
SRV - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
SRV - C:\WINDOWS\system32\ati2sgag.exe ()
SRV - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - C:\Program Files\Lotus\Notes\nslsvice.exe (IBM Corp)
SRV - C:\WINDOWS\system32\SgLogPlayer.exe (Utimaco Safeware AG)
SRV - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
SRV - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation)
DRV - C:\WINDOWS\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - C:\WINDOWS\system32\drivers\awechomd.sys (Symantec Corporation)
DRV - C:\WINDOWS\system32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS (Utimaco Safeware AG)
DRV - C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS (Utimaco Safeware AG)
DRV - C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - C:\WINDOWS\system32\drivers\UBHelper.sys ()
DRV - C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\R103470\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll (Utimaco Safeware AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.advisorcompass.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [AltirisConfiguration] C:\Program Files\Configuration\ConfigCheck\ScheduleConfig.vbs ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RunningApp] C:\Program Files\Configuration\shared\Runningapp.vbs ()
O4 - HKLM..\Run: [SGEConfiguration] C:\Program Files\Utimaco\SafeGuard Easy\SGEConfigurations.bat ()
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USG] C:\WINDOWS\system32\USG.EXE ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 127.0.0.1 ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 50below.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: advisorcompass.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aefatesting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aexp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: americanexpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprisecentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameripriseu.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: amexweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampadvisor.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampf.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: assetlink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cenveo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: documentsonthenet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ezdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([ampf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java/index.htm ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fiserv.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: forefield.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: foremostadvice.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: FundPOINTDesktop.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mainaccount.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: morningstar.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ogilvy.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: orders.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pii121.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: riversource.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: smartofficeonline.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} https://ampf.ez-data...s/SOConfig6.cab (SOConfig6 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1175715704046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1175715759437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {9C8CBDB4-53AC-4434-B3B2-404B1C5533F3} https://ams.stoneriv.../amsrptview.cab (FISERV FIPSCO Report Viewer)
O16 - DPF: {C37CCB56-C46A-4778-98C7-7B12A9C1EEAD} https://atslead.ez-d...ficeLinkOLM.cab (SmartOfficeLinkOLM Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.advi...ecom0/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ameriprise.w...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ampf.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 15:27:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/31 14:15:52 | 00,526,336 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\OTL.exe
[2009/10/31 14:05:33 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/10/31 14:04:32 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/10/30 09:19:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/29 12:56:18 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/29 10:39:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/29 10:38:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/29 10:38:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/29 10:38:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/29 10:38:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/29 10:38:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/29 10:20:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/27 13:30:34 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/27 13:23:32 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 12:58:51 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 12:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 12:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/27 12:55:51 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 12:55:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 12:49:01 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/27 10:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 09:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\clean up
[2009/10/13 09:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/13 09:32:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R103470\Application Data\Office Genuine Advantage
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/10/13 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2007/12/20 11:08:09 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[4 C:\Documents and Settings\R103470\My Documents\*.tmp files -> C:\Documents and Settings\R103470\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\R103470\*.tmp files -> C:\Documents and Settings\R103470\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/10/31 14:21:31 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/10/31 14:21:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/31 14:20:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 14:20:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 14:19:54 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\R103470\NTUSER.DAT
[2009/10/31 14:19:54 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\R103470\ntuser.ini
[2009/10/31 14:19:52 | 04,768,744 | -H-- | M] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2009/10/31 14:15:53 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\OTL.exe
[2009/10/30 16:29:37 | 00,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/29 13:01:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/29 10:47:21 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/29 10:39:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/29 10:28:56 | 03,427,862 | R--- | M] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/29 10:22:51 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\yezaradu
[2009/10/28 12:02:03 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/10/27 14:05:51 | 00,009,770 | ---- | M] () -- C:\WINDOWS\wcds.ini
[2009/10/27 14:05:33 | 00,010,498 | ---- | M] () -- C:\WINDOWS\EzCDSODB.INI
[2009/10/27 13:24:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 13:23:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 12:58:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 12:57:21 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 12:57:21 | 00,000,620 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/27 12:55:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 12:55:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 12:49:02 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/21 13:58:31 | 00,244,873 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 13:55:37 | 00,241,700 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 13:54:11 | 00,240,338 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 13:50:10 | 00,242,049 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
[2009/10/14 17:09:34 | 00,524,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 17:09:34 | 00,458,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 17:09:34 | 00,076,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 17:05:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 13:01:30 | 00,242,192 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Lindstrom Household 10- 12- 2009.XLSM
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/02 08:59:14 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2009/10/02 08:59:11 | 00,087,352 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2009/10/02 08:59:11 | 00,028,984 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[4 C:\Documents and Settings\R103470\My Documents\*.tmp files -> C:\Documents and Settings\R103470\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\R103470\*.tmp files -> C:\Documents and Settings\R103470\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/29 10:39:53 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/29 10:39:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/29 10:38:52 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/29 10:38:52 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/29 10:38:52 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/29 10:38:52 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/29 10:38:52 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 10:28:53 | 03,427,862 | R--- | C] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/27 13:24:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 12:57:21 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 12:57:21 | 00,000,620 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/21 13:58:30 | 00,244,873 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 13:55:36 | 00,241,700 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 13:54:11 | 00,240,338 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 13:50:10 | 00,242,049 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
[2009/10/12 13:01:30 | 00,242,192 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Lindstrom Household 10- 12- 2009.XLSM
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/08 15:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/01/08 15:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/04/29 09:52:24 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/06 10:35:39 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\TaxPrintPDF.dll
[2008/02/05 14:46:57 | 00,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2008/02/05 14:46:56 | 00,000,128 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2008/02/05 14:46:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2007/12/20 16:40:12 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.html
[2007/12/20 16:37:49 | 00,030,393 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.log
[2007/12/20 13:13:50 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/12/20 11:57:19 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/12/20 11:57:18 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/12/20 11:56:56 | 00,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/12/20 11:56:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/12/20 11:56:39 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/12/20 11:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AEFALDS.INI
[2007/12/20 11:37:39 | 00,010,498 | ---- | C] () -- C:\WINDOWS\EzCDSODB.INI
[2007/12/20 11:14:41 | 00,000,349 | ---- | C] () -- C:\WINDOWS\ezmail.ini
[2007/12/20 11:14:35 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2007/12/20 11:09:13 | 04,768,744 | -H-- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2007/12/20 11:08:30 | 00,009,770 | ---- | C] () -- C:\WINDOWS\wcds.ini
[2007/12/20 11:08:21 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\EzActRpt.dll
[2007/12/20 11:08:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ezhelp32.dll
[2007/12/20 11:08:20 | 00,147,968 | ---- | C] () -- C:\WINDOWS\System32\AL21FVB.DLL
[2007/12/20 11:08:20 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\DTCTRACE.DLL
[2007/12/20 11:08:19 | 03,203,072 | ---- | C] () -- C:\WINDOWS\System32\LCPPN201.DLL
[2007/12/20 11:08:19 | 00,024,461 | ---- | C] () -- C:\WINDOWS\DrDll.INI
[2007/12/20 11:08:12 | 00,377,856 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2007/12/20 11:08:12 | 00,244,736 | ---- | C] () -- C:\WINDOWS\System32\TAB32D20.DLL
[2007/12/20 11:08:12 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\CTREESTD.DLL
[2007/12/20 11:08:12 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\IMP32D20.DLL
[2007/12/20 11:08:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/12/20 11:08:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/12/20 11:08:09 | 00,316,416 | ---- | C] () -- C:\WINDOWS\System32\P2SMCUBE.DLL
[2007/12/20 11:08:09 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX60N.DLL
[2007/12/20 11:08:09 | 00,147,241 | ---- | C] () -- C:\WINDOWS\System32\P2OESBSE.DLL
[2007/12/20 11:08:09 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\LFCMP60N.DLL
[2007/12/20 11:08:09 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\U2LEXPO.DLL
[2007/12/20 11:08:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/12/20 11:08:09 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/12/20 11:08:09 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/12/20 11:08:09 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LJUL.DLL
[2007/12/20 11:08:09 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS60N.DLL
[2007/12/20 11:08:09 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP60N.DLL
[2007/12/20 11:08:08 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG60N.DLL
[2007/12/20 11:08:08 | 00,082,432 | ---- | C] () -- C:\WINDOWS\System32\U2LSQRT.DLL
[2007/12/20 11:08:08 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\U2LESBSE.DLL
[2007/12/20 11:08:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2LPDXTM.DLL
[2007/12/20 11:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LSSM.DLL
[2007/12/20 11:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/12/20 11:08:08 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LCAPS.DLL
[2007/12/20 11:08:08 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\U2LSTR.DLL
[2007/12/20 11:08:08 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\U2LTIME.DLL
[2007/12/20 11:08:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\U2LTEC1.DLL
[2007/12/20 11:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSTRNG.DLL
[2007/12/20 11:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/12/20 11:08:08 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\U2LTDATE.DLL
[2007/12/20 11:08:08 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX60N.DLL
[2007/12/20 11:08:08 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFPCT60N.DLL
[2007/12/20 11:08:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD60N.DLL
[2007/12/20 11:08:08 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP60N.DLL
[2007/12/20 11:08:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC60N.DLL
[2007/12/20 11:08:07 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\LFTIF60N.DLL
[2007/12/20 11:08:07 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL60N.DLL
[2007/12/20 11:08:07 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/12/20 11:08:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/12/20 11:08:07 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LASC.DLL
[2007/12/20 11:08:07 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA60N.DLL
[2007/12/20 11:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG60N.DLL
[2007/12/20 11:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWMF60N.DLL
[2007/12/19 20:42:36 | 00,049,776 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/19 20:41:06 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\fusioncache.dat
[2007/12/19 20:40:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\R103470\Application Data\desktop.ini
[2007/07/24 14:53:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/23 21:22:04 | 00,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/07/23 21:09:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/23 21:08:59 | 00,000,511 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/23 20:29:48 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2007/07/23 20:29:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007/07/23 20:22:15 | 00,200,796 | ---- | C] () -- C:\WINDOWS\System32\Crypto.dll
[2007/07/16 12:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/04/04 18:04:55 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/04 16:56:59 | 00,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2007/04/04 15:57:10 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007/04/04 10:15:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/03/16 17:00:00 | 00,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/02/09 21:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/22 17:06:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\SGEGINATHK.dll
[2006/09/22 17:06:42 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2006/09/22 17:06:38 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2006/08/25 11:14:36 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/15 15:32:22 | 00,003,638 | R--- | C] () -- C:\Program Files\Common Files\Altiris_Icon.ico
[2005/03/31 12:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2004/08/04 06:00:00 | 00,000,564 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/06 03:30:52 | 00,000,173 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI

========== LOP Check ==========

[2008/06/24 11:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ameriprise
[2008/07/28 09:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2009/07/15 09:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2007/07/24 13:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/04/04 18:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/06/01 13:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/07/23 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/12/20 12:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2007/12/20 10:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Utimaco
[2007/12/20 10:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/12/19 20:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ATI
[2008/07/30 15:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Brentmark
[2009/07/15 09:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Cisco
[2008/10/28 13:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/20 11:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\CyberLink
[2009/04/22 12:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\E-Z Data
[2007/12/20 10:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ImagiSOFT
[2007/12/20 18:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\LinkManager 4.0
[2009/07/29 09:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\webex
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 14:20:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
  • 0

#23
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

You have a couple of different antivirus products on there.

Symantec and Norton. Which one are you using?

1) Scan a file

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\USG.EXE
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs
2) Results of the scanned file

  • 0

#24
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
This computer is my assistant's. We should be running McAfee VirusScan. She may have installed those products when she was trying to rid the system of the virus.

I ran the first scan - posted the results. When I was running OTL, the system rebooted automatically. So I lost the log of the first scan. Should I rerun it after OTL?

thanks
  • 0

#25
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Please visit HERE and determine the version of the Symantec product that is installed. (To determine the version, click Help and About.)

Select the appropriate link for the product that you want to uninstall and then run the tool.

Follow the on-screen instructions.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Yes, rerun it after OTL.
  • 0

#26
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Here's the virus scan results...more to come

VirSCAN.org Scanned Report :
Scanned time : 2009/11/02 08:53:47 (EST)
Scanner results: Scanners did not find malware!
File Name : USG.EXE
File Size : 111351 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0f92cd0ee555d7a6306c0466e7b16a13
SHA1 : 797754b3574456afea27f05e54e76ca30b03179b
Online report : http://virscan.org/r...20367fb088.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091102200214 2009-11-02 40.12 -
AhnLab V3 2009.11.02.00 2009.11.02 2009-11-02 40.13 -
AntiVir 8.2.1.53 7.1.6.177 2009-11-02 0.21 -
Antiy 2.0.18 20091102.3201984 2009-11-02 0.12 -
Arcavir 2009 200911012157 2009-11-01 0.10 -
Authentium 5.1.1 200911011547 2009-11-01 1.23 -
AVAST! 4.7.4 091101-1 2009-11-01 0.03 -
AVG 8.5.288 270.14.45/2476 2009-11-02 0.36 -
BitDefender 7.81008.4480747 7.28708 2009-11-02 4.01 -
CA (VET) 35.1.0 7094 2009-10-30 40.12 -
ClamAV 0.95.2 9971 2009-11-01 0.02 -
Comodo 3.12 2815 2009-11-02 40.13 -
CP Secure 1.3.0.5 2009.10.30 2009-10-30 0.00 -
Dr.Web 4.44.0.9170 2009.11.02 2009-11-02 6.31 -
F-Prot 4.4.4.56 20091101 2009-11-01 1.21 -
F-Secure 7.02.73807 2009.11.02.09 2009-11-02 8.98 -
Fortinet 2.81-3.120 11.13 2009-11-02 40.12 -
GData 19.8693/19.531 20091102 2009-11-02 40.13 -
ViRobot 20091102 2009.11.02 2009-11-02 40.13 -
Ikarus T3.1.01.72 2009.11.02.74407 2009-11-02 4.24 -
JiangMin 11.0.800 2009.11.02 2009-11-02 40.13 -
Kaspersky 5.5.10 2009.11.02 2009-11-02 0.18 -
KingSoft 2009.2.5.15 2009.11.2.16 2009-11-02 40.13 -
McAfee 5.3.00 5789 2009-11-01 3.39 -
Microsoft 1.5202 2009.11.02 2009-11-02 40.13 -
Norman 6.01.09 6.01.00 2009-11-01 4.01 -
Panda 9.05.01 2009.10.31 2009-10-31 40.13 -
Trend Micro 8.700-1004 6.596.06 2009-11-02 0.03 -
Quick Heal 10.00 2009.11.02 2009-11-02 40.12 -
Rising 20.0 21.54.04.00 2009-11-02 40.12 -
Sophos 3.00.1 4.46 2009-11-02 2.87 -
Sunbelt 5482 5482 2009-11-01 40.13 -
Symantec 1.3.0.24 20091031.035 2009-10-31 0.00 -
nProtect 20091030.01 6063347 2009-10-30 40.13 -
The Hacker 6.5.0.2 v00058 2009-10-31 40.13 -
VBA32 3.12.10.11 20091101.2111 2009-11-01 1.96 -
VirusBuster 4.5.11.10 10.113.4/1996453 2009-11-02 2.44 -
  • 0

#27
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
First OTL log:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZT0QIMVY\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J1JJQDD1\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8K6NT110\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\63XSRD4F\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PPKLPU39\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5ZSYCHA\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DPPSMBJB\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\43XBWD0V\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes

User: R103470
C:\Documents and Settings\R103470\Local Settings\Temp\{AC76BA86-1033-0000-7760-100000000002}\acro.SIF deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\{AC76BA86-1033-0000-7760-100000000002}\asneu.dll deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2c32c2.msp deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2c32c3.mst deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2c3477.msp deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2c3478.mst deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2f06f0.msp deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\2f06f1.mst deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\AUInst.log deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\ColorProfile.log deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\dw.log deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\dwa7res_en.dll deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\MSI39b08.LOG deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\MSIb121f.LOG deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\MSIb1220.LOG deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\Perflib_Perfdata_a64.dat deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\Perflib_Perfdata_d2c.dat deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temp\~DFB4BE.tmp deleted successfully.
->Temp folder emptied: 81033927 bytes
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\style[1].css deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\template_css[1].css deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\tile_sub[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\t_new[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\upload[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\userlinks_con[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\vba[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\ULEY5OL4\virscan_org[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\1[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ads[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\angry[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\arcavir[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\av-245766[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\bigtenani[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\bitdefender[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\blue-tile[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\bluesearch[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\Channel4[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\cleardot[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\close[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\conversion[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\cpsecure[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\c_tr[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\desktop.ini deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\exp_plus[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\find_posts[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\fortinet[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\friend_add_small[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\f_norm[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\gender_mystery[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\get_status[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\get_status[2].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\google_ads[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\google_transparent[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\HJTstaff[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\icon12[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\icon2[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\icon5[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\icon[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\icon[1].jpg deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\indexbg[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\index[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ipb_global[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ipb_global_xmlenhanced[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ips_text_editor_func[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\kaspersky[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\labs_bar_icon[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\lang_javascript[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\login_features_sprite[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\logo[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[1] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[2] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[2].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[2].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[3] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[3].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mail[4] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\mbam.check[1].program deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\menu_action_down[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\menu_bg[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\navstrip[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\norman[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\null[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ohmy[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\police[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-align-left[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-code-button[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-emoticon[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-ipd-tag[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-link-button[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-list-numbered[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-redo[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\rte-textcolor[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\show_ads[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\sophos[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\tachyon[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\top[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\t_qr[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\t_reply[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\user-online[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\wink[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\w_b[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\K0KX4F02\ZeroClipboard[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\a-squared[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\adjuggler[1] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ads[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\Anti-Mailware-won-t-run-t256870[2].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\authentium[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\avast[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\banner_bg[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\button_bg[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ca-vet[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\chamber_helper_sig[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\css_pp_header[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\c_bl[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\c_br[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\desktop.ini deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\drweb[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\expansion_embed[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\exp_minus[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\favicon[1].ico deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\favicon[2].ico deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\FiberConnect[1].jpg deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\gdata[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\get_status[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\gmail_solid_white[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\Go[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\hauri[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\horizontalimages2[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\icon13[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\icon3[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\icon7[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\icon9[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ipb_topic[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ips_attach[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ips_xmlhttprequest[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\laughing[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\load[1] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\logo2[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mail[1] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mail[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mail[2] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mail[2].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mail[3].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\mbam.check[1].database deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\member1[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\newpost[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\panda[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\pip[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\powered_by[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\p_mq_add[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\quant[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rar[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rating_5_mini[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rc[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\render_ads[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rpc[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-align-center[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-bold[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-email-button[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-image-button[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-list[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-remove-formatting[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-resize-up[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-switch-editor[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\rte-toggle-html[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\sad[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\sma8[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\stylebox[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\sunbelt[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\test_gam_domain[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\thehacker[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\tile_head[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\tongue[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\TranslatePageLink[1].aspx deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\uploaderapi2[1].swf deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\urchin[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\winbox[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\w_l[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\H5DNOAJN\ZeroClipboard[1].swf deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\6087107b6bf30576333593e6520bd45f[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\advertisement[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\advisorcompass_com[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\antiy[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\arrow-down[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\attachicon[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\attach_ok[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\avg[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\bg[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\btn_donate_SM[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\button[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\chatsound[1].swf deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\checkout_999999[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\cleardot[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\comodo[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\css_img_code[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\c[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\c[2].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\desktop.ini deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\EBill1[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\f-secure[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\getstatus[1].xml deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\get_status[1].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\google_service[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\greybtn[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icon11[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icon1[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icon4[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icon8[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icons_ns6[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\icon_open[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\iframe[2].htm deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\ips_ipsclass[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\ips_menu_html[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\ips_text_editor[1].js deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\jiangmin[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\loading_anim[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\mail[1] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\mail[2] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\mail[3] deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\menu_item[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\microsoft[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\nav_bg[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\nav_m[1].gif deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\news[1].txt deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\photo-thumb-245766[1].jpg deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\powered_by_centos[1].png deleted successfully.
C:\Documents and Settings\R103470\Local Settings\Temporary Internet Files\Content.IE5\24AZUBZR\pp-blank-thumb[1].png deleted successfully.
->Temporary Internet Files folder emptied: 6939330 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 54227675 bytes
RecycleBin emptied: 250 bytes

Total Files Cleaned = 135.68 mb


OTL by OldTimer - Version 3.1.1.7 log created on 11022009_070506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#28
DaveRo
quickscan otl log
OTL logfile created on: 11/2/2009 9:33:54 AM - Run 5
OTL by OldTimer - Version 3.1.2.2 Folder = C:\Documents and Settings\R103470\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.41% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 60.04 Gb Free Space | 80.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 74.50 Gb Total Space | 42.35 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive M: | 74.50 Gb Total Space | 42.35 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive R: | 74.50 Gb Total Space | 42.35 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive T: | 232.83 Gb Total Space | 197.47 Gb Free Space | 84.81% Space Free | Partition Type: FAT
Drive V: | 74.50 Gb Total Space | 42.35 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive X: | 74.50 Gb Total Space | 42.35 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive Z: | 74.50 Gb Total Space | 47.76 Gb Free Space | 64.12% Space Free | Partition Type: NTFS

Computer Name: W1115072
Current User Name: R103470
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\R103470\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
PRC - C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.)
PRC - C:\Program Files\Adobe\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Network Associates\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
PRC - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\SgLogPlayer.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
PRC - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (vpnagent) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (McAfeeFramework) [Unknown | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (FontCache3.0.0.0) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AeXNSClient) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
SRV - (helpsvc) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (LogMeIn) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (PrismXL) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (odserv) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (CVPND) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (awhost32) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (ose) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (SgeCtl) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
SRV - (SgeClient) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe ()
SRV - (WksCfgSrv) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
SRV - (ATI Smart) [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Ati HotKey Poller) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (Multi-user Cleanup Service) [Disabled | Stopped] -- C:\Program Files\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Single Logon) [Disabled | Stopped] -- C:\Program Files\Lotus\Notes\nslsvice.exe (IBM Corp)
SRV - (SgLogPlayer) [Auto | Running] -- C:\WINDOWS\system32\SgLogPlayer.exe (Utimaco Safeware AG)
SRV - (OneTouch 4.0 Monitor) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc)
SRV - (DLSDB) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - (DLPWD) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\R103470\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll (Utimaco Safeware AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.advisorcompass.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 13:16:00 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [AltirisConfiguration] C:\Program Files\Configuration\ConfigCheck\ScheduleConfig.vbs ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RunningApp] C:\Program Files\Configuration\shared\Runningapp.vbs ()
O4 - HKLM..\Run: [ScheduleEncompass] C:\Program Files\Configuration\Encompass\altiris.vbs ()
O4 - HKLM..\Run: [SGEConfiguration] C:\Program Files\Utimaco\SafeGuard Easy\SGEConfigurations.bat ()
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USG] C:\WINDOWS\system32\USG.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 127.0.0.1 ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 50below.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: advisorcompass.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aefatesting.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aexp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: americanexpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprise.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameriprisecentral.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ameripriseu.webex.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: amexweb.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampadvisor.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ampf.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: assetlink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: brainshark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cenveo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: documentsonthenet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ezdata.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com ([ampf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ez-data.com/java/index.htm ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fiserv.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: forefield.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: foremostadvice.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: FundPOINTDesktop.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mainaccount.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: morningstar.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ogilvy.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: orders.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pii121.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: riversource.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: smartofficeonline.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} https://ampf.ez-data...s/SOConfig6.cab (SOConfig6 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1175715704046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1175715759437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {9C8CBDB4-53AC-4434-B3B2-404B1C5533F3} https://ams.stoneriv.../amsrptview.cab (FISERV FIPSCO Report Viewer)
O16 - DPF: {C37CCB56-C46A-4778-98C7-7B12A9C1EEAD} https://atslead.ez-d...ficeLinkOLM.cab (SmartOfficeLinkOLM Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.advi...ecom0/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ameriprise.w...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 159.202.20.190 159.202.50.190 159.202.70.11 165.87.13.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ampf.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 14:27:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/08 09:59:46 | 00,000,000 | ---D | M] - T:\autorun -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/02 09:30:30 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\OTL.exe
[2009/11/01 14:49:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/01 14:49:00 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 14:18:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R103470\My Documents\My Received Files
[2009/10/31 14:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2009/10/30 08:19:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/29 11:56:18 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/29 09:39:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/29 09:38:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/29 09:38:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/29 09:38:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/29 09:38:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/29 09:38:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/29 09:20:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/27 12:30:34 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/10/27 12:23:32 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 11:58:51 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 11:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 11:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/27 11:55:51 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 11:55:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 11:49:01 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/27 09:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 08:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R103470\Desktop\clean up
[2007/12/20 10:08:09 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[4 C:\Documents and Settings\R103470\My Documents\*.tmp files -> C:\Documents and Settings\R103470\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\R103470\*.tmp files -> C:\Documents and Settings\R103470\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/02 09:30:42 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\OTL.exe
[2009/11/02 09:03:51 | 00,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/11/02 09:03:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/02 09:02:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/02 09:02:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/02 09:02:00 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\R103470\NTUSER.DAT
[2009/11/01 14:49:05 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 14:39:30 | 00,544,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 14:39:30 | 00,458,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 14:39:30 | 00,076,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/31 17:02:05 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\R103470\ntuser.ini
[2009/10/31 15:11:21 | 04,844,560 | -H-- | M] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2009/10/31 14:14:33 | 00,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/29 12:01:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/29 09:47:21 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/29 09:39:53 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/29 09:28:56 | 03,427,862 | R--- | M] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/29 09:22:51 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\yezaradu
[2009/10/28 11:02:03 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/10/27 13:05:51 | 00,009,770 | ---- | M] () -- C:\WINDOWS\wcds.ini
[2009/10/27 13:05:33 | 00,010,498 | ---- | M] () -- C:\WINDOWS\EzCDSODB.INI
[2009/10/27 12:24:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 12:23:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\R103470\Desktop\RootRepeal.exe
[2009/10/27 11:58:55 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\R103470\Desktop\kelly.exe
[2009/10/27 11:57:21 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 11:57:21 | 00,000,620 | ---- | M] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/27 11:55:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\R103470\Desktop\erunt_setup.exe
[2009/10/27 11:55:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\R103470\Desktop\SysRestorePoint.exe
[2009/10/27 11:49:02 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R103470\Desktop\TFC.exe
[2009/10/25 05:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/21 12:58:31 | 00,244,873 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 12:55:37 | 00,241,700 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 12:54:11 | 00,240,338 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 12:50:10 | 00,242,049 | ---- | M] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
[4 C:\Documents and Settings\R103470\My Documents\*.tmp files -> C:\Documents and Settings\R103470\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\R103470\*.tmp files -> C:\Documents and Settings\R103470\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 14:49:05 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/31 14:06:00 | 00,002,239 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/29 09:39:53 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/29 09:39:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/29 09:38:52 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/29 09:38:52 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/29 09:38:52 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/29 09:38:52 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/29 09:38:52 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 09:28:53 | 03,427,862 | R--- | C] () -- C:\Documents and Settings\R103470\Desktop\ComboFix.exe
[2009/10/27 12:24:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\settings.dat
[2009/10/27 11:57:21 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\NTREGOPT.lnk
[2009/10/27 11:57:21 | 00,000,620 | ---- | C] () -- C:\Documents and Settings\R103470\Desktop\ERUNT.lnk
[2009/10/21 12:58:30 | 00,244,873 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Milliken Household 10- 21- 2009.XLSM
[2009/10/21 12:55:36 | 00,241,700 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Skarda Household 10- 21- 2009.XLSM
[2009/10/21 12:54:11 | 00,240,338 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Cooper Household 10- 21- 2009.XLSM
[2009/10/21 12:50:10 | 00,242,049 | ---- | C] () -- C:\Documents and Settings\R103470\My Documents\Asset Class Worksheet Thomas Household 10- 21- 2009.XLSM
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/08 14:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/01/08 14:32:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/04/29 08:52:24 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/06 09:35:39 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\TaxPrintPDF.dll
[2008/02/05 13:46:57 | 00,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2008/02/05 13:46:56 | 00,000,128 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2008/02/05 13:46:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2007/12/20 15:40:12 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.html
[2007/12/20 15:37:49 | 00,030,393 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\FASTWiz.log
[2007/12/20 12:13:50 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/12/20 10:57:19 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/12/20 10:57:18 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/12/20 10:56:56 | 00,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/12/20 10:56:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/12/20 10:56:39 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/12/20 10:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AEFALDS.INI
[2007/12/20 10:37:39 | 00,010,498 | ---- | C] () -- C:\WINDOWS\EzCDSODB.INI
[2007/12/20 10:14:41 | 00,000,349 | ---- | C] () -- C:\WINDOWS\ezmail.ini
[2007/12/20 10:14:35 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2007/12/20 10:09:13 | 04,844,560 | -H-- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\IconCache.db
[2007/12/20 10:08:30 | 00,009,770 | ---- | C] () -- C:\WINDOWS\wcds.ini
[2007/12/20 10:08:21 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\EzActRpt.dll
[2007/12/20 10:08:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ezhelp32.dll
[2007/12/20 10:08:20 | 00,147,968 | ---- | C] () -- C:\WINDOWS\System32\AL21FVB.DLL
[2007/12/20 10:08:20 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\DTCTRACE.DLL
[2007/12/20 10:08:19 | 03,203,072 | ---- | C] () -- C:\WINDOWS\System32\LCPPN201.DLL
[2007/12/20 10:08:19 | 00,024,461 | ---- | C] () -- C:\WINDOWS\DrDll.INI
[2007/12/20 10:08:12 | 00,377,856 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2007/12/20 10:08:12 | 00,244,736 | ---- | C] () -- C:\WINDOWS\System32\TAB32D20.DLL
[2007/12/20 10:08:12 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\CTREESTD.DLL
[2007/12/20 10:08:12 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\IMP32D20.DLL
[2007/12/20 10:08:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/12/20 10:08:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/12/20 10:08:09 | 00,316,416 | ---- | C] () -- C:\WINDOWS\System32\P2SMCUBE.DLL
[2007/12/20 10:08:09 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX60N.DLL
[2007/12/20 10:08:09 | 00,147,241 | ---- | C] () -- C:\WINDOWS\System32\P2OESBSE.DLL
[2007/12/20 10:08:09 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\LFCMP60N.DLL
[2007/12/20 10:08:09 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\U2LEXPO.DLL
[2007/12/20 10:08:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/12/20 10:08:09 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/12/20 10:08:09 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/12/20 10:08:09 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LJUL.DLL
[2007/12/20 10:08:09 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS60N.DLL
[2007/12/20 10:08:09 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP60N.DLL
[2007/12/20 10:08:08 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG60N.DLL
[2007/12/20 10:08:08 | 00,082,432 | ---- | C] () -- C:\WINDOWS\System32\U2LSQRT.DLL
[2007/12/20 10:08:08 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\U2LESBSE.DLL
[2007/12/20 10:08:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2LPDXTM.DLL
[2007/12/20 10:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LSSM.DLL
[2007/12/20 10:08:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/12/20 10:08:08 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LCAPS.DLL
[2007/12/20 10:08:08 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\U2LSTR.DLL
[2007/12/20 10:08:08 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\U2LTIME.DLL
[2007/12/20 10:08:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\U2LTEC1.DLL
[2007/12/20 10:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSTRNG.DLL
[2007/12/20 10:08:08 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/12/20 10:08:08 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\U2LTDATE.DLL
[2007/12/20 10:08:08 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX60N.DLL
[2007/12/20 10:08:08 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFPCT60N.DLL
[2007/12/20 10:08:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD60N.DLL
[2007/12/20 10:08:08 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP60N.DLL
[2007/12/20 10:08:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC60N.DLL
[2007/12/20 10:08:07 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\LFTIF60N.DLL
[2007/12/20 10:08:07 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL60N.DLL
[2007/12/20 10:08:07 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/12/20 10:08:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/12/20 10:08:07 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\U2LASC.DLL
[2007/12/20 10:08:07 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA60N.DLL
[2007/12/20 10:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG60N.DLL
[2007/12/20 10:08:07 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWMF60N.DLL
[2007/12/19 19:42:36 | 00,049,776 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/19 19:41:06 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\R103470\Local Settings\Application Data\fusioncache.dat
[2007/12/19 19:40:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\R103470\Application Data\desktop.ini
[2007/07/24 13:53:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/23 20:22:04 | 00,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/07/23 20:09:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/23 20:08:59 | 00,000,511 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/23 19:29:48 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2007/07/23 19:29:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007/07/23 19:22:15 | 00,200,796 | ---- | C] () -- C:\WINDOWS\System32\Crypto.dll
[2007/07/16 11:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 11:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/04/04 17:04:55 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/04 15:56:59 | 00,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2007/04/04 14:57:10 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007/04/04 09:15:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/03/16 16:00:00 | 00,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/02/09 20:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/22 16:06:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\SGEGINATHK.dll
[2006/09/22 16:06:42 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2006/09/22 16:06:38 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2006/08/25 10:14:36 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/15 14:32:22 | 00,003,638 | R--- | C] () -- C:\Program Files\Common Files\Altiris_Icon.ico
[2005/03/31 11:27:18 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2004/08/04 05:00:00 | 00,000,564 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/06 02:30:52 | 00,000,173 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI

========== LOP Check ==========

[2008/06/24 10:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ameriprise
[2008/07/28 08:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2009/07/15 08:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2007/04/04 17:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/06/01 12:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/07/23 19:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/12/20 11:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2007/12/20 09:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Utimaco
[2007/12/20 09:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/12/19 19:41:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ATI
[2008/07/30 14:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Brentmark
[2009/07/15 08:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\Cisco
[2008/10/28 12:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/22 11:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\E-Z Data
[2007/12/20 09:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\ImagiSOFT
[2007/12/20 17:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\LinkManager 4.0
[2009/07/29 08:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R103470\Application Data\webex
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/02 09:02:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
  • 0

#29
DaveRo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
The only Symantec product installed is PCAnywhere... used for tech support. I don't see any other Norton or Symantec products.
  • 0

#30
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
That's OK then.

Can you run this OTL scan for me? Don't worry about the Extras.txt.


  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

  • 0





