Google redirect virus



#1
wayneman50

I have a Google redirect virus. I performed all the steps in “Malware and Spyware Cleaning Guide”. I cannot get GMER to complete. At some point in the scan, it locks up. I have included the MBAM and OTL logs below.

I also performed the steps in “How to fix Google Redirects”. I have included the OTM log below. None of this has fixed the virus.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4425

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/13/2010 2:04:15 PM
mbam-log-2010-08-13 (14-04-15).txt

Scan type: Quick scan
Objects scanned: 151574
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 8/15/2010 10:19:31 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\WayneK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 137.05 Gb Free Space | 91.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 150.00 Gb Total Space | 13.63 Gb Free Space | 9.09% Space Free | Partition Type: NTFS

Computer Name: JTMIS14
Current User Name: WayneK
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/10 21:11:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTL.exe
PRC - [2010/07/23 14:29:19 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/07/23 14:29:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/07/23 14:29:13 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/07/23 14:29:13 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/07/23 14:29:12 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2010/04/17 00:18:36 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/07/15 14:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 14:05:18 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/15 14:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/08 11:11:34 | 002,057,576 | ---- | M] (CREDANT Technologies, Inc.) -- C:\WINDOWS\system32\CmgShieldSvc.exe
PRC - [2009/04/08 11:09:22 | 000,247,144 | ---- | M] (CREDANT Technologies, Inc.) -- C:\WINDOWS\system32\CmgShieldUI.exe
PRC - [2009/04/08 11:08:20 | 001,967,464 | ---- | M] (CREDANT Technologies, Inc.) -- C:\WINDOWS\system32\EMSServiceHelper.exe
PRC - [2009/04/08 11:08:12 | 000,709,992 | ---- | M] (CREDANT Technologies, Inc.) -- C:\WINDOWS\system32\EmsService.exe
PRC - [2008/12/16 23:05:00 | 005,160,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2008/12/11 14:08:46 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/09/26 11:12:16 | 001,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2008/06/12 13:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/04/03 16:18:14 | 001,537,064 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/08/03 11:47:16 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_run.exe
PRC - [2006/08/03 11:47:08 | 000,176,128 | ---- | M] () -- C:\WINDOWS\system32\kmw_show.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 21:11:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTL.exe
MOD - [2008/04/14 08:42:32 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
MOD - [2008/04/14 08:42:12 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wow32.dll
MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/08/03 11:47:12 | 000,110,592 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\kmw_dll.dll
MOD - [2004/08/04 08:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tsappcmp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/23 14:29:19 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/07/23 14:29:19 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/07/23 14:29:13 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/23 14:29:12 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/23 14:29:12 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/15 14:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/07/15 14:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/08 11:11:34 | 002,057,576 | ---- | M] (CREDANT Technologies, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\CmgShieldSvc.exe -- (CMGShield)
SRV - [2009/04/08 11:08:12 | 000,709,992 | ---- | M] (CREDANT Technologies, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\EmsService.exe -- (EMS)
SRV - [2008/06/12 13:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2010/07/23 14:31:56 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/23 14:29:20 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/07/23 14:29:20 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/07/23 14:29:20 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/07/23 14:29:19 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/07/23 14:29:14 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/07/23 14:29:14 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/07/23 14:29:09 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/07/13 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100814.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100814.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/30 05:54:13 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/03 09:11:07 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/03 11:07:28 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/03 11:07:28 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/12/03 11:07:26 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/11/16 12:10:22 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/04 17:56:28 | 000,240,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/07/20 16:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/23 14:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/04/08 11:14:52 | 000,404,592 | ---- | M] (CREDANT Technologies, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CMGShCEF.sys -- (CmgShieldCEF)
DRV - [2009/04/08 11:13:22 | 000,161,128 | ---- | M] (CREDANT Technologies, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\CmgShieldNP.dll -- (CmgShieldNP)
DRV - [2008/12/11 14:11:34 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/14 10:25:54 | 000,008,960 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2008/08/14 10:25:54 | 000,004,736 | R--- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2008/06/12 15:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/21 14:48:46 | 006,018,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/14 10:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/14 10:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/14 01:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/28 01:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/08/03 11:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmw_usb.sys -- (KMW_USB)
DRV - [2006/08/03 11:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmw_sys.sys -- (KMW_SYS)
DRV - [2006/08/03 11:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmw_kbd.sys -- (KMW_KBD)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sjmcweb/portal/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/08/11 20:44:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CmgShieldUI] C:\WINDOWS\system32\CmgShieldUI.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EmsService] C:\WINDOWS\System32\EMSServiceHelper.exe (CREDANT Technologies, Inc.)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: catholichealth.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: catholichealth.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: catholichealth.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: healthstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: livemeeting.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: relayclearance.com ([relayhealth] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231950157984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269979161812 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} http://eajtmapp03/wo...on/MTAppDwn.exe (MEDITECHAppDwnld)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Towson-MD.catholichealth.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\CMGShieldNP: DllName - CmgShieldNP.dll - C:\WINDOWS\System32\CmgShieldNP.dll (CREDANT Technologies, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/25 15:58:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/17 11:52:18 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9cde87f2-9917-11df-a048-0026c6b6c016}\Shell - "" = AutoRun
O33 - MountPoints2\{9cde87f2-9917-11df-a048-0026c6b6c016}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cde87f2-9917-11df-a048-0026c6b6c016}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9cde87f3-9917-11df-a048-0026c6b6c016}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/13 13:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/13 13:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/13 13:17:07 | 006,289,216 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\WayneK\Desktop\HitmanPro35.exe
[2010/08/11 20:50:49 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\WayneK\Desktop\GooredFix.exe
[2010/08/11 20:44:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/11 20:42:47 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTM.exe
[2010/08/10 21:11:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTL.exe
[2010/08/10 15:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Communicator
[2010/08/10 14:49:18 | 001,197,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WayneK\Desktop\TDSSKiller.exe
[2010/08/08 20:28:09 | 000,000,000 | ---D | C] -- C:\virus problem
[2010/08/08 16:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Malwarebytes
[2010/08/08 16:39:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/08 16:39:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/08 16:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/08 16:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/08 16:39:10 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WayneK\Desktop\mbam-setup.exe
[2010/08/08 16:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/08 16:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/08 09:32:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WayneK\Desktop\erunt-setup.exe
[2010/08/08 09:30:14 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\TFC.exe
[2010/08/02 14:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\iLinc
[2010/08/02 14:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\iLinc
[2010/07/27 14:02:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WayneK\My Documents\cache
[2010/07/27 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\webex
[2010/07/23 14:29:20 | 000,353,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2010/07/23 14:29:20 | 000,320,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010/07/23 14:29:20 | 000,107,848 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010/07/23 14:29:20 | 000,087,368 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010/07/23 14:29:20 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/07/23 14:29:20 | 000,043,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2010/07/23 14:29:19 | 000,283,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010/07/23 14:29:14 | 000,067,472 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
[2010/07/23 09:02:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WayneK\UserData
[2010/07/17 11:52:18 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/07/09 07:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/07/06 16:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/06/28 16:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/06/28 15:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/06/23 07:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/06/16 10:53:26 | 000,110,592 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\kmw_dll.dll
[2010/06/16 10:53:26 | 000,106,496 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\kmw_run.exe
[2010/06/16 10:53:26 | 000,091,648 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\kmw_sys.sys
[2010/06/16 10:53:26 | 000,010,112 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\kmw_usb.sys
[2010/06/16 10:53:26 | 000,005,376 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\kmw_kbd.sys
[2010/06/16 10:53:26 | 000,004,736 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\drivers\kmw_lib.sys
[2010/06/16 10:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Kensington
[2010/06/16 10:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Desktop\MW_PC_622
[2010/06/14 09:41:53 | 000,000,000 | ---D | C] -- C:\temp for Forms Online
[2010/05/28 13:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\PCHealth
[2010/05/28 13:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/05/28 13:35:59 | 000,127,376 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys
[2010/05/28 13:35:59 | 000,101,904 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\dneinobj.dll
[2010/05/28 13:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2010/05/21 16:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/05/21 14:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Tracing
[2010/05/21 14:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Laplink
[2010/05/21 14:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\My Documents\My PaperPort Documents
[2010/05/21 14:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\My Documents\My Meetings
[2010/05/21 14:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Sun
[2010/05/21 14:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\ScriptlinkPlus
[2010/05/21 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Kensington
[2010/05/21 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Help
[2010/05/21 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\CiscoCAA
[2010/05/21 14:53:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\My Documents\My Videos
[2010/05/21 14:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Help
[2010/05/21 14:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Citrix
[2010/05/21 14:52:39 | 000,000,000 | ---D | C] -- C:\SLPlus
[2010/05/21 14:52:31 | 000,000,000 | ---D | C] -- C:\kmouse
[2010/05/21 14:52:25 | 000,000,000 | ---D | C] -- C:\IATRIC
[2010/05/21 14:52:13 | 000,000,000 | ---D | C] -- C:\dell
[2010/05/21 14:51:56 | 000,000,000 | ---D | C] -- C:\000
[2010/05/21 14:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/21 14:49:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/21 14:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/21 14:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Visioneer OneTouch
[2010/05/21 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2010/05/21 14:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Scansoft
[2010/05/21 14:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Iatric Systems
[2010/05/21 14:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/21 14:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/05/21 14:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\AR System
[2010/05/21 14:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/21 14:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scansoft shared
[2010/05/21 14:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/21 14:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AR System
[2010/05/21 14:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/05/21 14:45:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\WayneK\Application Data\Microsoft
[2010/05/21 14:45:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WayneK\SendTo
[2010/05/21 14:45:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WayneK\Recent
[2010/05/21 14:45:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WayneK\Application Data
[2010/05/21 14:45:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\Start Menu
[2010/05/21 14:45:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\My Documents\My Pictures
[2010/05/21 14:45:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\My Documents\My Music
[2010/05/21 14:45:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\My Documents
[2010/05/21 14:45:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WayneK\Favorites
[2010/05/21 14:45:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WayneK\Cookies
[2010/05/21 14:45:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\WayneK\Templates
[2010/05/21 14:45:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\WayneK\PrintHood
[2010/05/21 14:45:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\WayneK\NetHood
[2010/05/21 14:45:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\WayneK\Local Settings
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Symantec
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Spearit
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Microsoft
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Macromedia
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Identities
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\hpqLog
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Desktop
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Bluetooth Software
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\My Documents\Bluetooth Exchange Folder
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Local Settings\Application Data\Adobe
[2010/05/21 14:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WayneK\Application Data\Adobe
[2010/05/21 14:41:18 | 000,008,960 | R--- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\usbbc2.sys
[2010/05/21 14:41:18 | 000,004,736 | R--- | C] (Laplink Software, Inc.) -- C:\WINDOWS\System32\drivers\llusbflt.sys
[2010/05/21 14:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2010/05/21 14:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/05/21 14:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Laplink
[2010/05/21 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Laplink
[2010/05/21 14:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/21 14:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/05/21 14:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/21 14:13:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/21 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/21 14:12:18 | 000,000,000 | ---D | C] -- C:\Ali
[2010/05/21 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McKesson
[2010/05/21 14:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\McKesson
[2010/05/21 14:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/21 14:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/21 14:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/21 14:06:52 | 000,000,000 | ---D | C] -- C:\CiscoCAA
[2010/05/21 14:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/05/21 14:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Integrad.3
[2010/05/21 14:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/21 14:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/21 14:01:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/16 10:58:48 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/11/05 11:46:08 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\SLPlusSlink.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/15 10:05:26 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/08/14 15:58:06 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/14 15:55:20 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2010/08/14 15:52:58 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/08/14 15:52:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 15:52:30 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\WayneK\NTUSER.DAT
[2010/08/14 15:52:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\WayneK\ntuser.ini
[2010/08/14 15:51:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 15:51:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 13:38:47 | 001,132,196 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\tdsskiller.zip
[2010/08/13 13:17:40 | 006,289,216 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\WayneK\Desktop\HitmanPro35.exe
[2010/08/11 20:50:49 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\WayneK\Desktop\GooredFix.exe
[2010/08/11 20:44:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/11 20:42:49 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTM.exe
[2010/08/11 10:55:14 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\launch.rtc
[2010/08/11 09:45:01 | 000,000,378 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/08/10 21:11:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\OTL.exe
[2010/08/10 14:49:18 | 001,197,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\WayneK\Desktop\TDSSKiller.exe
[2010/08/10 08:44:47 | 000,531,040 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 08:44:47 | 000,448,376 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 08:44:47 | 000,073,668 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/08 20:28:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\gmer.zip
[2010/08/08 16:39:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 16:39:16 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WayneK\Desktop\mbam-setup.exe
[2010/08/08 16:35:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\NTREGOPT.lnk
[2010/08/08 16:35:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\ERUNT.lnk
[2010/08/08 09:32:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WayneK\Desktop\erunt-setup.exe
[2010/08/08 09:30:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WayneK\Desktop\TFC.exe
[2010/08/03 07:47:00 | 000,000,024 | ---- | M] () -- C:\WINDOWS\MDM
[2010/07/28 17:08:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/23 14:31:56 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/23 14:31:56 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/23 14:31:56 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/23 14:31:56 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/23 14:29:20 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2010/07/23 14:29:20 | 000,320,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010/07/23 14:29:20 | 000,107,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010/07/23 14:29:20 | 000,087,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010/07/23 14:29:20 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/07/23 14:29:20 | 000,043,336 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2010/07/23 14:29:20 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010/07/23 14:29:20 | 000,001,421 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010/07/23 14:29:19 | 000,283,184 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010/07/23 14:29:19 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010/07/23 14:29:19 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010/07/23 14:29:19 | 000,001,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010/07/23 14:29:19 | 000,001,415 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010/07/23 14:29:14 | 000,097,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/07/23 14:29:14 | 000,067,472 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
[2010/07/17 11:51:36 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\Flash_Disinfector.exe
[2010/07/14 11:39:58 | 000,210,944 | ---- | M] () -- C:\TEMP CHG.doc
[2010/07/06 16:18:58 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebEx Player.lnk
[2010/07/06 16:18:58 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebEx Recorder.lnk
[2010/07/06 16:09:28 | 008,963,584 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\nbr2player.msi
[2010/07/03 15:49:43 | 005,333,532 | -H-- | M] () -- C:\Documents and Settings\WayneK\Local Settings\Application Data\IconCache.db
[2010/06/30 09:35:37 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\WayneK\My Documents\Default.rdp
[2010/06/30 05:54:13 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/06/28 15:54:06 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 15:50:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/28 15:45:41 | 000,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/23 10:37:28 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MEDITECH Workstation 3.lnk
[2010/06/23 10:34:46 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010/06/16 10:53:27 | 000,000,258 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/16 10:45:58 | 004,280,320 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\MouseWorks_PC_622.exe
[2010/06/15 12:55:16 | 000,000,750 | ---- | M] () -- C:\CHI-VPN.pcf
[2010/06/07 14:16:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/07 14:16:14 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\Windows Media Player.lnk
[2010/06/02 10:53:16 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/02 10:50:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/02 10:50:22 | 000,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2010/06/02 10:50:22 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2010/06/02 10:30:44 | 000,008,552 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/05/28 13:45:54 | 000,000,035 | ---- | M] () -- C:\Documents and Settings\WayneK\Desktop\H Drive.bat
[2010/05/28 13:36:20 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2010/05/24 14:56:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/24 14:56:02 | 000,001,236 | RHS- | M] () -- C:\Documents and Settings\WayneK\ntuser.pol
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 13:38:44 | 001,132,196 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\tdsskiller.zip
[2010/08/13 13:18:00 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/13 13:17:16 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/08/11 10:55:14 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\launch.rtc
[2010/08/11 09:45:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/08/10 15:11:14 | 000,080,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/08 20:28:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\gmer.zip
[2010/08/08 16:39:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 16:35:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\NTREGOPT.lnk
[2010/08/08 16:35:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\ERUNT.lnk
[2010/07/23 14:29:20 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010/07/23 14:29:20 | 000,001,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010/07/23 14:29:19 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010/07/23 14:29:19 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010/07/23 14:29:19 | 000,001,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010/07/23 14:29:19 | 000,001,415 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010/07/17 11:51:35 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\Flash_Disinfector.exe
[2010/07/14 11:39:58 | 000,210,944 | ---- | C] () -- C:\TEMP CHG.doc
[2010/07/06 16:18:58 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebEx Player.lnk
[2010/07/06 16:18:58 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebEx Recorder.lnk
[2010/07/06 16:09:28 | 008,963,584 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\nbr2player.msi
[2010/06/30 09:35:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WayneK\My Documents\Default.rdp
[2010/06/23 10:37:28 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MEDITECH Workstation 3.lnk
[2010/06/23 10:34:46 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010/06/16 10:53:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2010/06/16 10:45:58 | 004,280,320 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\MouseWorks_PC_622.exe
[2010/06/15 12:55:16 | 000,000,750 | ---- | C] () -- C:\CHI-VPN.pcf
[2010/05/28 13:55:24 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/05/28 13:38:58 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\H Drive.bat
[2010/05/28 13:35:50 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/28 13:35:45 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2010/05/21 16:48:59 | 000,008,552 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/05/21 14:45:43 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\WayneK\NTUSER.DAT
[2010/05/21 14:45:43 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\MEDITECH Workstation 4.lnk
[2010/05/21 14:45:43 | 000,001,236 | RHS- | C] () -- C:\Documents and Settings\WayneK\ntuser.pol
[2010/05/21 14:45:43 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\WayneK\ntuser.dat.LOG
[2010/05/21 14:45:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\WayneK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/21 14:45:43 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\WayneK\ntuser.ini
[2010/05/21 14:45:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\WayneK\Desktop\Show Desktop.scf
[2010/05/21 14:15:39 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2010/05/21 14:09:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/21 14:06:50 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2010/05/21 14:06:50 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2010/05/14 19:30:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/31 11:16:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/30 15:20:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/26 11:27:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2010/03/05 15:48:48 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SLPLUSNUI.DLL
[2010/03/05 15:48:42 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\SLPlusMTAD.DLL
[2010/03/05 15:48:36 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\SLPlusFS.DLL
[2010/03/05 15:48:28 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\SLPLUSCS.DLL
[2010/03/05 15:47:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SLPLUS3x.DLL
[2010/01/20 16:34:37 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/01/19 09:11:52 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SLPMTWPST.DLL
[2009/12/16 10:58:47 | 000,001,345 | ---- | C] () -- C:\WINDOWS\DKAAT2DD.ini
[2009/12/15 09:48:24 | 000,000,632 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/17 13:23:54 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\vfscl2.dll
[2008/05/16 12:30:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\VFSCL.DLL
[2008/05/12 15:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/06/23 10:16:02 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/09 14:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/29 12:23:34 | 000,002,918 | ---- | C] () -- C:\WINDOWS\System32\kid_inst.dll

========== LOP Check ==========

[2010/05/21 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/05/21 14:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AR System
[2010/08/08 16:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Credant
[2010/08/13 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/21 14:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2010/05/21 14:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/21 14:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2010/05/21 14:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WayneK\Application Data\CiscoCAA
[2010/05/21 14:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WayneK\Application Data\Kensington
[2010/05/21 14:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WayneK\Application Data\ScriptlinkPlus
[2010/05/21 14:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WayneK\Application Data\Spearit
[2010/07/27 14:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WayneK\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/28 10:27:15 | 000,023,040 | ---- | M] () -- C:\7 day med summary problems.doc
[2010/03/25 15:58:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/16 09:31:10 | 000,004,421 | ---- | M] () -- C:\balance.txt
[2010/05/04 15:01:29 | 000,189,952 | ---- | M] () -- C:\BAR ADM.doc
[2010/05/14 18:16:21 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/15 12:55:16 | 000,000,750 | ---- | M] () -- C:\CHI-VPN.pcf
[2010/03/25 15:58:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/04 09:48:08 | 000,000,021 | ---- | M] () -- C:\DATA.DAT
[2006/05/23 11:52:00 | 000,221,184 | ---- | M] (Medical Information Technology, Inc.) -- C:\DM.DLL
[2006/05/23 11:52:00 | 000,061,440 | ---- | M] (Medical Information Technology, Inc.) -- C:\DMDiag.DL_
[2006/05/23 11:52:00 | 000,081,920 | ---- | M] (Medical Information Technology, Inc.) -- C:\DMFS.DLL
[2006/05/23 11:53:00 | 000,094,208 | ---- | M] (Medical Information Technology, Inc.) -- C:\DMHTML.DLL
[2006/04/12 08:01:00 | 000,086,016 | ---- | M] () -- C:\DocMon.exe
[2010/03/25 15:58:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/03/27 14:09:00 | 000,037,376 | ---- | M] () -- C:\MEditor.dll
[2006/04/12 08:00:00 | 000,167,936 | ---- | M] (Medical Information Technology, Inc.) -- C:\MFX.dll
[2010/03/25 15:58:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 01:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 03:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/14 15:51:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/10/18 14:37:00 | 000,000,352 | ---- | M] () -- C:\print.mtad
[2010/08/05 10:33:23 | 000,024,066 | ---- | M] () -- C:\Rescued document.txt
[2010/03/08 15:27:03 | 008,308,224 | ---- | M] () -- C:\scriptlinkplus.5.2.48.msi
[2010/08/13 13:40:34 | 000,041,696 | ---- | M] () -- C:\TDSSKiller.2.4.1.1_13.08.2010_13.39.53_log.txt
[2010/07/14 11:39:58 | 000,210,944 | ---- | M] () -- C:\TEMP CHG.doc
[2006/05/23 11:53:00 | 000,110,592 | ---- | M] (Medical Information Technology, Inc.) -- C:\VMagicPPII.exe
[2007/11/13 15:08:08 | 000,000,000 | ---- | M] () -- C:\VMagicPPII.log
[2006/05/23 11:53:00 | 000,057,344 | ---- | M] (Medical Information Technology, Inc.) -- C:\VMagicPPVW.exe
[2006/05/23 11:53:00 | 000,028,672 | ---- | M] (Medical Information Technology, Inc.) -- C:\VPrintProc.exe

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/25 15:58:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/07/09 08:31:14 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2002/01/08 16:51:00 | 000,047,616 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/25 14:12:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/25 14:12:40 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/25 14:12:40 | 000,942,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/25 15:58:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 15
"UseWUServer" = 1
"RescheduleWaitTimeEnabled" = 1
"RescheduleWaitTime" = 1
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-28 20:52:04
< End of report >


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\WayneK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WayneK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mahth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: WayneK
->Temp folder emptied: 2240348 bytes
->Temporary Internet Files folder emptied: 136382300 bytes
->Java cache emptied: 32085750 bytes
->Flash cache emptied: 16109 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2428917 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13467376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178.00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTM by OldTimer - Version 3.1.15.0 log created on 08162010_083457

Files moved on Reboot...
C:\Documents and Settings\WayneK\Local Settings\Temp\ExchangePerflog_8484fa31dbfa561cdcd6c672.dat moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temp\MPC6.tmp moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temp\~DF4DC8.tmp moved successfully.
File C:\Documents and Settings\WayneK\Local Settings\Temp\~DF9FDA.tmp not found!
C:\Documents and Settings\WayneK\Local Settings\Temp\~DFFFDA.tmp moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temporary Internet Files\Content.Word\~WRF0003.tmp moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temporary Internet Files\Content.Word\~WRS0002.tmp moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temporary Internet Files\Content.IE5\T6UIEVFT\getdenied[1].htm moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temporary Internet Files\Content.IE5\PXX3VRBW\267407-how-to-fix-google-redirects[1].htm moved successfully.
C:\Documents and Settings\WayneK\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...