JetSwap SafeSearch Infected 2003 Server SP2


This topic is locked
2 replies to this topic

#1 andyfisk
Posted 10 May 2011 - 07:32 PM

Tried everything I've read on here, but it still seems to pop up after restart in normal mode. Ran a scan with OTL and here are the 2 txt files: OTL.txt first, followed by Extras.txt.


OTL logfile created on: 5/10/2011 7:19:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop\This is F'd UP
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.63 Gb Total Space | 1.13 Gb Free Space | 7.23% Space Free | Partition Type: NTFS
Drive D: | 449.97 Gb Total Space | 368.51 Gb Free Space | 81.90% Space Free | Partition Type: NTFS

Computer Name: NS1 | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\This is F'd UP\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\safesurf.exe (JetSwap Inc.)
PRC - C:\Program Files\Microsoft\smss.exe ()
PRC - C:\Program Files\Common Files\Microsoft\services.exe ()
PRC - D:\Mail\INTER\INTER.EXE (LAN-ACES Inc.)
PRC - D:\Mail\LOGIC\OLHOST32.EXE (LAN-ACES Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)
PRC - C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
PRC - C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\drvInst.exe ()
PRC - C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe ()
PRC - C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
PRC - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe (Dell)
PRC - c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Belkin Bulldog Plus\upsd.exe (Delta)
PRC - C:\Program Files\Iomega\REV System Software\ImIconXp.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\REV System Software\RevUDF.exe (Iomega Corp)
PRC - C:\Program Files\Belkin Bulldog Plus\MUPS.exe ()
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\This is F'd UP\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (HidServ) -- File not found
SRV - (videos2) -- C:\Program Files\Common Files\Microsoft\services.exe ()
SRV - (videos) -- C:\Program Files\Common Files\Microsoft\services.exe ()
SRV - (OLINTER) -- D:\Mail\INTER\INTER.EXE (LAN-ACES Inc.)
SRV - (Office-Logic Host) -- D:\Mail\LOGIC\OLHOST32.EXE (LAN-ACES Inc.)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINDOWS\system32\wins.exe (Microsoft Corporation)
SRV - (psqlWGE) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)
SRV - (DNS) -- C:\WINDOWS\system32\dns.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (SBCore) -- C:\WINDOWS\system32\sbscrexe.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (RESvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (POP3Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (NntpSvc) Network News Transfer Protocol (NNTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IMAP4Svc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (hptsvr) -- C:\Program Files\HighPoint Technologies, Inc.\HighPoint RAID Management Software\service\hptsvr.exe ()
SRV - (winvnc) -- C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
SRV - (MSSEARCH) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (MSPOP3Connector) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe (Microsoft Corporation)
SRV - (RAIDStorAgent) -- C:\Program Files\Dell\RAID Storage Manager\StorServ.exe (Dell)
SRV - (UPSentry_Smart) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe (Delta)
SRV - (RevUDFService) -- C:\Program Files\Iomega\REV System Software\RevUDF.exe (Iomega Corp)
SRV - (MSExchangeIS) -- C:\Program Files\Exchsrvr\bin\store.exe (Microsoft Corporation)
SRV - (MSExchangeSA) -- C:\Program Files\Exchsrvr\bin\mad.exe (Microsoft Corporation)
SRV - (MSExchangeMGMT) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe (Microsoft Corporation)
SRV - (MSExchangeMTA) -- C:\Program Files\Exchsrvr\bin\emsmta.exe (Microsoft Corporation)
SRV - (MSExchangeSRS) -- C:\Program Files\Exchsrvr\bin\srsmain.exe (Microsoft Corporation)
SRV - (MSExchangeES) -- C:\Program Files\Exchsrvr\bin\events.exe (Microsoft Corporation)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110510.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110510.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSXpx86.sys (Symantec Corporation)
DRV - (utm4ndaw) -- C:\WINDOWS\system32\drivers\utm4ndaw.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (61967002) -- C:\WINDOWS\system32\DRIVERS\61967002.sys (Kaspersky Lab)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (61967001) -- C:\WINDOWS\system32\drivers\61967001.sys (Kaspersky Lab)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (rr172x) -- C:\WINDOWS\system32\DRIVERS\rr172x.sys (HighPoint Technologies, Inc.)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (Si3124r5) -- C:\WINDOWS\system32\DRIVERS\Si3124r5.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (AFAmgt) -- C:\WINDOWS\System32\drivers\afamgt.sys (Adaptec, Inc.)
DRV - (symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (lp6nds35) -- C:\WINDOWS\system32\DRIVERS\lp6nds35.sys (Emulex Corporation)
DRV - (ipsraidn) -- C:\WINDOWS\system32\DRIVERS\ipsraidn.sys (IBM Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Adaptec, Inc.)
DRV - (cpqcissm) -- C:\WINDOWS\system32\DRIVERS\cpqcissm.sys (Hewlett-Packard Company)
DRV - (ati2mpad) -- C:\WINDOWS\system32\drivers\ati2mpad.sys (ATI Technologies Inc.)
DRV - (IABFilt) -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys (Iomega)
DRV - (imdrvfsf) -- C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys (Iomega Corporation)
DRV - (aarich) -- C:\WINDOWS\system32\drivers\aarich.sys (Adaptec, Inc.)
DRV - (EXIFS) -- C:\WINDOWS\system32\drivers\exifs.sys (Microsoft Corporation)
DRV - (dellcerc) -- C:\WINDOWS\system32\DRIVERS\dellcerc.sys (LSI Logic Corporation)
DRV - (cpqfcalm) -- C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys (Hewlett-Packard Company)
DRV - (cpqarry2) -- C:\WINDOWS\system32\DRIVERS\cpqarry2.sys (Hewlett-Packard Company)
DRV - (afcnt) -- C:\WINDOWS\system32\DRIVERS\afcnt.sys (Agilent Technologies)
DRV - (hpt3xx) -- C:\WINDOWS\system32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (ql2200) -- C:\WINDOWS\system32\DRIVERS\ql2200.sys (QLogic Corporation)
DRV - (ql2100) -- C:\WINDOWS\system32\DRIVERS\ql2100.sys (QLogic Corporation)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Hewlett-Packard Company)
DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys ()
DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://i.g-fox.cn/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.11
FF - prefs.js..extensions.enabledItems: [email protected]:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/12/13 11:17:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/12/12 18:24:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/15 15:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/14 01:21:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 11:54:53 | 000,000,000 | ---D | M]

[2011/04/20 04:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/04/20 04:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/20 04:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xgw24o8.default\extensions
[2011/05/08 08:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 01:17:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/23 11:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/01/14 01:17:57 | 000,000,000 | ---D | M] (Addon Notification) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:56 | 000,000,000 | ---D | M] (China Edition Home Page) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:56 | 000,000,000 | ---D | M] (China Edition Addons Manager) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:56 | 000,000,000 | ---D | M] (Font Setter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:54 | 000,000,000 | ---D | M] (Live Margin 3) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:53 | 000,000,000 | ---D | M] (Personas) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:53 | 000,000,000 | ---D | M] (Easy Access) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:53 | 000,000,000 | ---D | M] (安全标识) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:52 | 000,000,000 | ---D | M] ("分享工具条") -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:52 | 000,000,000 | ---D | M] (Tab Improvement Lite) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/01/14 01:17:52 | 000,000,000 | ---D | M] (Zoom Panel) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/12/12 18:24:02 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/12/13 11:17:13 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/12/15 15:37:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/03 15:04:31 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/03 15:04:31 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 15:04:31 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/12/03 13:14:28 | 000,001,504 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcn.xml
[2010/12/03 13:14:28 | 000,003,922 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\baidu.xml
[2010/12/03 13:14:28 | 000,004,075 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\baiduzhidao.xml
[2010/12/03 13:14:28 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/03 13:14:28 | 000,002,427 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eachnet.xml
[2010/12/03 13:14:28 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/03 13:14:28 | 000,002,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\paipai.xml
[2011/02/11 07:30:56 | 000,002,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml
[2010/12/03 13:14:28 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-zh-CN.xml

O1 HOSTS File: ([2009/08/08 09:25:47 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Iomega ImIconXP] C:\Program Files\Iomega\REV System Software\ImIconXp.exe (Iomega Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] File not found
O4 - HKLM..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (TightVNC Group)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office-Logic.lnk = C:\Program Files\Office-Logic\Office-Logic.exe (LAN-ACES Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = network-sales.local
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: D:\Shared\CNW\ns1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/20 09:18:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 19:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\This is F'd UP
[2011/04/20 04:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 19:18:05 | 000,002,584 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2011/05/10 19:01:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/10 18:52:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ucqrq.sys
[2011/05/10 18:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 18:12:43 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\tjnsvst.dat
[2011/05/10 18:12:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 18:10:41 | 000,922,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/10 18:10:41 | 000,253,570 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/10 18:05:48 | 000,000,101 | ---- | M] () -- C:\WINDOWS\hptuser.dat
[2011/05/10 18:04:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 17:38:21 | 000,420,100 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Recent History.mcf
[2011/05/10 09:46:10 | 000,000,230 | ---- | M] () -- C:\LOGIC.BAK
[2011/05/10 07:00:00 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{b102a991-02af-11da-97e2-806e6f6e6963}.job
[2011/05/10 05:25:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/09 17:30:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\backup.job
[2011/05/09 13:29:27 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 19:01:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/05/10 18:52:40 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ucqrq.sys
[2011/05/10 17:38:20 | 000,420,100 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Recent History.mcf
[2011/05/09 13:29:27 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2011/05/07 02:35:28 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\tjnsvst.dat
[2011/01/14 01:21:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/16 08:53:52 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010/12/15 19:24:42 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utm4ndaw.sys
[2010/11/30 17:00:11 | 007,415,318 | ---- | C] () -- C:\WINDOWS\rescripto.exe
[2010/10/28 08:38:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/10/25 12:27:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/07 12:02:09 | 000,000,414 | ---- | C] () -- C:\WINDOWS\PCW170.INI
[2010/08/19 07:11:35 | 000,000,101 | ---- | C] () -- C:\WINDOWS\hptuser.dat
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/08 10:17:08 | 004,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2009/08/08 10:17:08 | 000,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2009/08/08 10:17:08 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/08/17 13:37:47 | 000,000,428 | ---- | C] () -- C:\WINDOWS\PCW140.INI_upg2010
[2007/08/17 13:36:28 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\srvany.exe
[2006/10/11 09:41:59 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\upsbat.dll
[2005/08/01 15:12:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/07/16 13:11:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/16 12:55:12 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/20 10:27:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/05/20 09:53:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/20 09:47:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2005/05/20 09:46:29 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2005/05/20 09:40:24 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2005/05/20 09:37:41 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2005/05/20 09:21:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/20 09:14:55 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/20 09:14:01 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2005/05/20 09:14:01 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2005/05/20 09:13:57 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2005/05/20 09:13:57 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2005/05/20 09:13:56 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/05/20 09:04:46 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2005/05/20 09:04:46 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/20 09:04:44 | 000,922,186 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/20 09:04:44 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/20 09:04:44 | 000,253,570 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/20 09:04:44 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/20 09:04:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/20 09:04:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/20 09:04:42 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2005/05/20 09:04:42 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2005/05/20 09:04:42 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2005/05/20 09:04:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/20 09:04:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/20 09:04:38 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2005/05/20 09:04:35 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2005/05/20 09:04:33 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2005/05/20 09:04:30 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/20 09:04:26 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/05/20 09:04:25 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg
[2005/05/20 02:10:13 | 000,004,633 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/20 02:09:23 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== LOP Check ==========

[2005/11/04 10:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Iomega Automatic Backup Pro
[2005/11/04 10:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/12/24 06:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/09/07 12:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/09/07 11:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2011/05/09 17:30:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\backup.job
[2011/05/10 10:20:34 | 000,032,406 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2011/05/10 07:00:00 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{b102a991-02af-11da-97e2-806e6f6e6963}.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 5/10/2011 7:19:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop\This is F'd UP
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.63 Gb Total Space | 1.13 Gb Free Space | 7.23% Space Free | Partition Type: NTFS
Drive D: | 449.97 Gb Total Space | 368.51 Gb Free Space | 81.90% Space Free | Partition Type: NTFS

Computer Name: NS1 | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05DEE64C-B63B-495A-B36C-4277663FAAA0}" = Windows Small Business Server ActiveSync
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{108BE742-0564-4734-AE54-74F81263FB04}" = Windows Small Business Server Licensing
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3CF8BDBC-DA0F-45FA-A4B9-3A31CCE774E9}" = Windows Small Business Server Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Accounting 2010
"{53BE2241-531B-49FB-B03D-06C377179548}" = Windows Small Business Server IE Client App
"{5546F70C-0437-44EE-A923-7C23E6EFF689}" = Windows Small Business Server Monitoring
"{65657C59-23A8-4974-B8E0-BA04EBD04E4F}" = Microsoft SQL Server Desktop Engine (SHAREPOINT)
"{671E4E4D-4798-4F66-9C9E-C5762E73179E}" = Microsoft XML Parser
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{6ABAF1E2-BEB6-4C32-BD9F-0CA733EE7453}" = Iomega Automatic Backup Pro
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7FB55E52-C72D-4165-85D0-383ED3D7253F}" = Windows Small Business Server Client Setup
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8952E993-139E-4E71-881F-DD40E4DB8F81}" = Windows Small Business Server Admin
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{91140409-7000-11D3-8CFE-0150048383C9}" = Microsoft Windows SharePoint Services 2.0
"{9189BADC-23A7-487D-B206-AD3A89A4F45D}" = Windows Small Business Server Fax
"{91B90409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"{A2B40ABC-025A-4389-8148-86CED357B259}" = Microsoft Connector for POP3 Mailboxes
"{A34AC564-B4A3-4D45-B969-403BC39F0E6A}" = Microsoft .NET Framework 1.1 -- Device Update 4.0
"{A5E98C65-585A-45AB-BFC3-8555305B9929}" = Windows Small Business Server Documents
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B351E5AF-E6E2-46E4-8155-DAB130731F70}" = Iomega REV System Software
"{B58E39B9-12E2-4E9B-A01B-9B896C6A52A8}" = Windows Small Business Server Connectivity
"{B7300824-E68F-45F1-BAC1-5F15636C346F}" = Microsoft SQL Server Desktop Engine (SBSMonitoring)
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{BE997AF6-715F-4DF3-AADF-97AA50581C5C}" = Paragon Drive Copy 9.0 Professional
"{C293E1D0-8085-4830-B806-1BA0FEF9C4A4}" = Windows Small Business Server Client Experience
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C73E81BF-432C-44E2-831D-F46081CA6E28}" = Windows Small Business Server Remote Portal
"{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}" = Microsoft Group Policy Management Console with SP1
"{D846DDEE-EDF2-445F-96A4-175544202D32}" = Windows Small Business Server Fax Cfg
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E721BEC1-887A-4D26-BE10-7E0336B7CAC7}" = Windows Small Business Server Common
"5717D53E-DD6D-4d1e-8A1F-C7BE620F65AA" = Windows Small Business Server 2003
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HighPoint RAID Management Software" = HighPoint RAID Management Software
"ie8" = Windows Internet Explorer 8
"InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Complete Accounting 2010
"InstallShield_{94251E15-F03A-42CF-B762-6A75B1A0790B}" = RAID Storage Manager
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Health Monitor 2.1" = Microsoft Health Monitor 2.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"N360" = Norton Security Suite
"Office-Logic 8.0" = Office-Logic 8.0
"Office-Logic InterChange" = Office-Logic InterChange
"Office-Logic Workstation" = Office-Logic Workstation
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"PROSet" = Intel® PRO Network Connections Drivers
"TightVNC_is1" = TightVNC 1.3.8
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WinPcapInst" = WinPcap 4.1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 1:00:14 PM | Computer Name = NS1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/10/2011 1:02:57 PM | Computer Name = NS1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/10/2011 1:16:45 PM | Computer Name = NS1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 5/10/2011 6:42:26 PM | Computer Name = NS1 | Source = dsrestor | ID = 1005
Description = The DSRestore Filter failed to connect to local SAM server. Error
returned is <id:997>.

Error - 5/10/2011 6:42:27 PM | Computer Name = NS1 | Source = VSS | ID = 8211
Description = Volume Shadow Copy Service error: Writer with name WMI Writer and
ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.

Error - 5/10/2011 6:44:07 PM | Computer Name = NS1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. The error code returned is in the first DWORD in the Data section.

Error - 5/10/2011 6:44:07 PM | Computer Name = NS1 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. The error code returned is in the first DWORD in the Data section.

Error - 5/10/2011 6:44:13 PM | Computer Name = NS1 | Source = WINSCTRS | ID = 69850
Description = WINS Performance Monitor Counters could not get the WINS statistics.

Error - 5/10/2011 6:44:13 PM | Computer Name = NS1 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 5/10/2011 7:04:56 PM | Computer Name = NS1 | Source = dsrestor | ID = 1005
Description = The DSRestore Filter failed to connect to local SAM server. Error
returned is <id:997>.

[ Directory Service Events ]
Error - 5/10/2011 12:19:46 PM | Computer Name = NS1 | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 5/10/2011 12:21:26 PM | Computer Name = NS1 | Source = NTDS LDAP | ID = 1238
Description = Internal error: Active Directory was unable to initialize network
connections for incoming LDAP requests. Additional Data Error value: 0

Error - 5/10/2011 12:21:26 PM | Computer Name = NS1 | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): -1073741823 Error value (hex): c0000001 Internal ID: 300051e

Error - 5/10/2011 12:36:26 PM | Computer Name = NS1 | Source = NTDS General | ID = 1126
Description = Active Directory was unable to establish a connection with the global
catalog. Additional Data Error value: 1792 An attempt was made to logon, but the network
logon service was not started. Internal ID: 3200cf3 User Action: Make sure a global
catalog is available in the forest, and is reachable from this domain controller.
You may use the nltest utility to diagnose this problem.

Error - 5/10/2011 6:42:36 PM | Computer Name = NS1 | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 30004f4

Error - 5/10/2011 6:42:36 PM | Computer Name = NS1 | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): 1053 Error value (hex): 41d Internal ID: 3000502

Error - 5/10/2011 6:42:36 PM | Computer Name = NS1 | Source = NTDS Backup | ID = 1913
Description = Internal error: The Active Directory backup and restore operation
encountered an unexpected error. Backup or restore will not succeed until this is
corrected. Additional Data Error value: 1084 This service cannot be started in
Safe Mode Internal ID: 160200fa

Error - 5/10/2011 6:44:16 PM | Computer Name = NS1 | Source = NTDS LDAP | ID = 1238
Description = Internal error: Active Directory was unable to initialize network
connections for incoming LDAP requests. Additional Data Error value: 0

Error - 5/10/2011 6:44:16 PM | Computer Name = NS1 | Source = NTDS General | ID = 1168
Description = Internal error: An Active Directory error has occurred. Additional
Data Error value (decimal): -1073741823 Error value (hex): c0000001 Internal ID: 300051e

Error - 5/10/2011 6:59:17 PM | Computer Name = NS1 | Source = NTDS General | ID = 1126
Description = Active Directory was unable to establish a connection with the global
catalog. Additional Data Error value: 1792 An attempt was made to logon, but the network
logon service was not started. Internal ID: 3200cf3 User Action: Make sure a global
catalog is available in the forest, and is reachable from this domain controller.
You may use the nltest utility to diagnose this problem.

[ DNS Server Events ]
Error - 6/5/2006 8:23:37 AM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.network-sales.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/5/2006 8:23:37 AM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 0.0.10.in-addr.arpa. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 6/5/2006 8:23:37 AM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone network-sales.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 8/9/2009 10:26:00 AM | Computer Name = NS1 | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 8/19/2010 8:16:33 AM | Computer Name = NS1 | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 12/15/2010 8:07:52 PM | Computer Name = NS1 | Source = DNS | ID = 4015
Description = The DNS server has encountered a critical error from the Active Directory.
Check
that the Active Directory is functioning properly. The extended error debug information
(which may be empty) is "". The event data contains the error.

Error - 12/15/2010 8:07:52 PM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data contains the
error.

Error - 12/15/2010 8:07:52 PM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone _msdcs.network-sales.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 12/15/2010 8:07:52 PM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 0.0.10.in-addr.arpa. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

Error - 12/15/2010 8:07:52 PM | Computer Name = NS1 | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone network-sales.local. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "". The event
data contains the error.

[ File Replication Service Events ]
Error - 5/4/2011 4:18:38 PM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/4/2011 4:18:38 PM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/5/2011 4:19:05 PM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/5/2011 4:19:05 PM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/7/2011 5:14:59 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/7/2011 5:14:59 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/8/2011 5:55:30 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/8/2011 5:55:30 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/9/2011 5:56:06 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path c: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a c:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

Error - 5/9/2011 5:56:06 AM | Computer Name = NS1 | Source = NtFrs | ID = 13570
Description = The File Replication Service has detected that the volume hosting
the path C: is low on disk space. Files may not replicate until disk space is made
available on this volume. The available space on the volume can be found by typing
"dir
/a C:". For more information about managing space on a volume type "copy /?", "rename
/?", "del /?", "rmdir /?", and "dir /?".

[ System Events ]
Error - 5/10/2011 6:43:02 PM | Computer Name = NS1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/10/2011 7:08:05 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7022
Description = The Windows Video service hung on starting.

Error - 5/10/2011 7:08:05 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aarich crcdisk IntelIde Si3124r5

Error - 5/10/2011 7:08:07 PM | Computer Name = NS1 | Source = NAVAP | ID = 458754
Description = Unable to create device object (\Device\NAVAP).

Error - 5/10/2011 7:08:07 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7000
Description = The NAVAP service failed to start due to the following error: %%183

Error - 5/10/2011 7:08:08 PM | Computer Name = NS1 | Source = NAVAP | ID = 458754
Description = Unable to create device object (\Device\NAVAP).

Error - 5/10/2011 7:08:08 PM | Computer Name = NS1 | Source = NAVAP | ID = 458754
Description = Unable to create device object (\Device\NAVAP).

Error - 5/10/2011 7:08:08 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7000
Description = The NAVAP service failed to start due to the following error: %%183

Error - 5/10/2011 7:08:08 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7000
Description = The NAVAP service failed to start due to the following error: %%183

Error - 5/10/2011 7:13:13 PM | Computer Name = NS1 | Source = Service Control Manager | ID = 7031
Description = The Google Software Updater service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 900000 milliseconds:
Restart the service.


< End of report >


Any and all help is greatly appreciated,
-Andy-


#2 Casey_boy

    Bleeping physicist

  • Malware Response Instructor
  • 7,131 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:33 PM

Posted 21 May 2011 - 11:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 Casey_boy

    Bleeping physicist

  • Malware Response Instructor
  • 7,131 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:33 PM

Posted 26 May 2011 - 09:58 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

