internet explorer can not find search page



#1 jstodda1

Posted 07 January 2010 - 09:56 PM

I can access certain web sites, but with others I get the above message.

I know for sure that recently I have been infected with Internet Security 2010 and I am pretty sure the winsky 32 worm virus. Please help.

My logs are attached. Thanks.


#2 myrti


Posted 14 January 2010 - 02:57 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 19 January 2010 - 01:16 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti


Posted 29 January 2010 - 08:17 AM

Hi,

Topic reopened, please post your logs.

regards myrti



#5 jstodda1


Posted 03 February 2010 - 09:41 PM

Thanks Myrti, I get the following error when I try to access certain websites: Internet Explorer can not open the search page, and at the bottom I get a shdoclc.dll DNS error.

I did successfully flush out some rootkit activity and removed it but can't seem to resolve the issue.

Received many errors when trying to run rootrepeal. Could not read boot sector errors.

Attached are new logs.

DDS (Ver_09-12-01.01) - NTFSx86
Run by jstodda1 at 21:31:36.25 on 2010-02-03
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.547 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\SYSTEM32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClient.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jstodda1\Local Settings\Temporary Internet Files\Content.IE5\U75LJTF4\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.focsalesops.ford.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - e:\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Map] c:\sys\utl\map.vbs
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SgeEcView] "c:\program files\utimaco\safeguard easy\Ecview.exe"
mRun: [EdWizard] "c:\program files\utimaco\safeguard easy\EdWizard.exe" as
mRun: [EnChk] c:\program files\utimaco\safeguard easy\EnChk.vbs
mRun: [ptmsgfrm.exe] c:\program files\webex\productivity tools\ptmsgfrm.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
dRun: [CommunicatorInit] c:\program files\ford\ms communicator\utl\setcmusr.vbs
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico
uPolicies-explorer: Btn_Media = 2 (0x2)
uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
uPolicies-explorer: Btn_Fullscreen = 1 (0x1)
uPolicies-explorer: Btn_Tools = 2 (0x2)
uPolicies-explorer: Btn_MailNews = 2 (0x2)
uPolicies-explorer: Btn_Edit = 2 (0x2)
uPolicies-explorer: Btn_Discussions = 2 (0x2)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-explorer: NoManageMyComputerVerb = 1 (0x1)
uPolicies-explorer: NoHardwareTab = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: GreyMSIAds = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: HideShutdownScripts = 0 (0x0)
dPolicies-explorer: Btn_Media = 2 (0x2)
dPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
dPolicies-explorer: Btn_Fullscreen = 1 (0x1)
dPolicies-explorer: Btn_Tools = 2 (0x2)
dPolicies-explorer: Btn_MailNews = 2 (0x2)
dPolicies-explorer: Btn_Edit = 2 (0x2)
dPolicies-explorer: Btn_Discussions = 2 (0x2)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - e:\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - e:\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {80947ADC-151D-490B-87F1-7C8CE1B46220} - {80947ADC-151D-490B-87F1-7C8CE1B46220} - c:\program files\webex\productivity tools\ptonecli.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} - hxxps://web.crystalreports.dealerconnection.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} - hxxps://www.edms.ford.com/webtop/wdk/native/WdkPluginCab.CAB
DPF: {7D136085-0A9A-42E8-BE96-428C8D73DCE7} - hxxps://web.crystalreports.dealerconnection.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://web.crystalreports.dealerconnection.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: {C91F6075-C59C-4F8F-B339-0045A156ECC0} - hxxps://web.crystalreports.dealerconnection.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NotLog - SGLogEx.dll
Notify: SGLogNotification - SGLogNotification.dll
Notify: WSL_RLCE - c:\windows\system32\wsl_rlce.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - shdocvw.dll
mASetup: {439113CE-2797-47E8-BA3D-03F300777207} - "c:\program files\hummingbird\connectivity\13.00\accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\wmactedp.inf,PerUserStub

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2008-2-4 251578]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2008-2-4 33808]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2008-2-4 241815]
R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [2006-4-12 18464]
R0 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [2008-2-4 176640]
R0 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-2-4 17024]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [2006-4-12 61466]
R1 ehost_;ehost_;c:\windows\system32\ehost_.sys [2007-9-28 25472]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-9-25 103744]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2007-11-26 29184]
R2 pcscoax;3270 Coax Driver;c:\windows\system32\drivers\pcscoax.sys [2007-9-25 30720]
R2 TSCensus Collection Client;TSCensus Collection Client;c:\program files\tally systems corp\tscensus\bin\CClientSvc.exe [2007-9-25 49152]
S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2007-11-26 221191]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2007-5-22 96256]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-9-25 117024]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-5-22 65664]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-9-25 59904]

=============== Created Last 30 ================

2010-02-02 02:38:29 0 d-----w- c:\program files\Skype
2010-02-02 01:20:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-01 00:33:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 00:33:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 02:07:32 0 d-----w- C:\_OTM
2010-01-12 01:33:17 0 d-----w- c:\documents and settings\jstodda1\Downloads
2010-01-08 00:56:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 01:17:04 0 d-sha-r- C:\cmdcons
2010-01-06 02:22:41 0 d-sh--w- c:\documents and settings\jstodda1\.COMMgr

==================== Find3M ====================

2010-01-06 19:55:49 95360 ------w- c:\windows\system32\drivers\atapi.sys

============= FINISH: 21:32:00.86 ===============




#6 myrti


Posted 05 February 2010 - 12:09 PM

Hi,

This seems to be a business PC. If you have an IT department, I would strongly advise letting them know that you have been infected.

Please run a scan with GMER next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


regards myrti



#7 jstodda1


Posted 05 February 2010 - 06:31 PM

Hi Myrti, here are the gmer.log results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-05 18:23:32
Windows 5.1.2600 Service Pack 2
Running: vy1m9tme.exe; Driver: C:\DOCUME~1\jstodda1\LOCALS~1\Temp\pxtiypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SGEFLT.SYS (PnP Disk Filter Driver/Utimaco Safeware AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SGEFLT.SYS (PnP Disk Filter Driver/Utimaco Safeware AG)

Device \FileSystem\Fastfat \Fat A4C13C8A

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----



#8 myrti


Posted 05 February 2010 - 06:48 PM

Hi,

You may have been infected by an MBR rootkit. Just to be safe, please provide a log from OTL:

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards myrti



#9 jstodda1


Posted 05 February 2010 - 07:03 PM

OTL Log:

OTL logfile created on: 2010-02-05 6:53:37 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\jstodda1\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1,014.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.40 Gb Total Space | 31.47 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: cvd1xp1c813f1
Current User Name: jstodda1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-05 18:53:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstodda1\Desktop\OTL.exe
PRC - [2009-01-06 13:54:16 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mcafee\Common Framework\UdaterUI.exe
PRC - [2009-01-06 13:54:14 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mcafee\Common Framework\naPrdMgr.exe
PRC - [2009-01-06 13:54:14 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mcafee\Common Framework\FrameworkService.exe
PRC - [2009-01-06 13:54:14 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mcafee\Common Framework\Mctray.exe
PRC - [2008-09-25 21:07:56 | 000,042,312 | ---- | M] () -- C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
PRC - [2008-05-08 16:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008-05-08 16:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008-04-17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007-11-26 19:00:00 | 000,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2007-10-08 13:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-10-08 13:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007-10-08 13:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007-10-08 13:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007-10-08 13:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-10-08 13:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-07-02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007-06-06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007-05-22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007-04-24 22:07:52 | 000,067,144 | ---- | M] (Open Text Corporation) -- C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe
PRC - [2007-04-13 02:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2007-03-14 15:36:14 | 000,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007-03-14 15:35:50 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007-03-14 15:35:40 | 000,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007-02-19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007-02-19 13:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006-09-08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006-04-12 15:34:24 | 000,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe
PRC - [2006-04-12 15:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2006-04-12 15:26:54 | 000,147,456 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
PRC - [2005-03-31 10:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\system32\SgLogPlayer.exe
PRC - [2004-09-22 07:00:00 | 000,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2004-08-04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2003-10-07 09:48:56 | 000,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
PRC - [2002-07-08 10:26:06 | 000,049,152 | ---- | M] (Tally Systems Corp.) -- C:\Program Files\Tally Systems Corp\TSCensus\Bin\CClientSvc.exe
PRC - [2002-07-08 10:25:56 | 000,315,392 | ---- | M] (Tally Systems Corp.) -- C:\Program Files\Tally Systems Corp\TSCensus\Bin\cclient.exe
PRC - [2001-06-28 04:02:00 | 000,035,328 | ---- | M] (IBM Corporation) -- C:\Program Files\Personal Communications\pcs_agnt.exe
PRC - [2001-06-28 04:02:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\trcboot.exe


========== Modules (SafeList) ==========

MOD - [2010-02-05 18:53:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstodda1\Desktop\OTL.exe
MOD - [2006-08-25 07:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006-04-12 15:33:06 | 000,024,576 | ---- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-01-06 13:54:14 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008-06-12 20:57:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008-05-08 16:16:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008-05-08 16:15:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008-04-17 08:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007-11-26 19:00:00 | 000,221,191 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007-11-26 19:00:00 | 000,029,184 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)
SRV - [2007-10-08 13:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007-10-08 13:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007-10-08 13:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007-10-08 13:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007-04-24 22:07:52 | 000,067,144 | ---- | M] (Open Text Corporation) [Auto | Running] -- C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe -- (HCLInetd)
SRV - [2007-04-13 02:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007-02-19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006-05-11 18:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006-04-12 15:33:08 | 000,090,112 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl)
SRV - [2006-04-12 15:26:54 | 000,147,456 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv)
SRV - [2005-03-31 10:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer)
SRV - [2003-07-28 10:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002-07-08 10:26:06 | 000,049,152 | ---- | M] (Tally Systems Corp.) [Auto | Running] -- C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe -- (TSCensus Collection Client)
SRV - [2001-06-28 04:02:00 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)


========== Driver Services (SafeList) ==========

DRV - [2010-02-03 21:33:48 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2009-05-07 04:01:11 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2008-10-15 12:59:48 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008-10-15 12:15:32 | 000,025,472 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\ehost_.sys -- (ehost_)
DRV - [2008-04-17 08:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008-03-29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008-03-10 19:00:00 | 000,117,024 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2007-11-26 19:00:00 | 000,059,904 | ---- | M] (McAfee Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2007-11-13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-09-29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007-09-26 05:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007-08-27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007-06-25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-04-13 02:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007-03-14 17:01:44 | 005,702,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-03-13 13:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007-02-19 13:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007-02-10 00:06:00 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2007-01-18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-11-02 17:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-11-02 17:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-11-02 17:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-06-19 12:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006-04-12 15:34:42 | 000,061,466 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS -- (SgeFlt)
DRV - [2006-04-12 15:32:24 | 000,018,464 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS -- (AES-256)
DRV - [2006-02-26 03:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006-02-17 12:42:32 | 000,017,024 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2005-09-23 14:36:42 | 000,176,640 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fttxr5_O.sys -- (fttxr5_O)
DRV - [2005-05-13 16:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005-01-26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-06-15 10:07:54 | 000,241,815 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aarich.sys -- (aarich)
DRV - [2004-06-15 10:06:20 | 000,251,578 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2003-11-05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003-08-06 09:44:40 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002-10-01 20:16:00 | 000,033,808 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aac.sys -- (aac)
DRV - [2001-08-23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001-08-17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 08:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2001-08-17 07:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
DRV - [2001-08-17 07:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)
DRV - [2001-07-19 14:08:54 | 000,019,200 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-06-28 04:02:00 | 000,030,720 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pcscoax.sys -- (pcscoax)
DRV - [2001-06-28 04:02:00 | 000,022,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2001-06-28 04:02:00 | 000,010,816 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.tuneup.ford.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ford.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.focsalesops.ford.com/
IE - HKU\S-1-5-21-433665281-1933907855-928725530-55968\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-433665281-1933907855-928725530-55968\S-1-5-21-433665281-1933907855-928725530-55968\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-433665281-1933907855-928725530-55968\S-1-5-21-433665281-1933907855-928725530-55968\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-433665281-1933907855-928725530-55968\S-1-5-21-433665281-1933907855-928725530-55968\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\ocplugin@webex.com: C:\Program Files\WebEx\Productivity Tools\ [2009-11-09 09:34:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-01-30 20:55:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [EnChk] C:\Program Files\Utimaco\SafeGuard Easy\EnChk.vbs ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Map] c:\Sys\Utl\MAP.VBS ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe ()
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [CommunicatorInit] C:\Program Files\Ford\MS Communicator\utl\setcmusr.vbs ()
O4 - HKU\S-1-5-18..\Run: [CommunicatorInit] C:\Program Files\Ford\MS Communicator\utl\setcmusr.vbs ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = avsmcpa.cpl
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = fax.cpl
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = fonts
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = hdwwiz.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = joy.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = liccpa.cpl
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = ncpa.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = nwc.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = odbccp32.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = powercfg.cpl (Microsoft Corporation)
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-433665281-1933907855-928725530-55968_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - E:\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O9 - Extra 'Tools' menuitem : Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6045C5E3-3653-4262-9E3E-0DA3A22A2C1D} https://web.crystalreports.dealerconnection...tiveXViewer.cab (Crystal ActiveX Report Viewer Web Report Source 10.0)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {759FD3DE-F0EF-4A76-909C-88CF840D4173} https://www.edms.ford.com/webtop/wdk/native/WdkPluginCab.CAB (DmDragDrop Class)
O16 - DPF: {7D136085-0A9A-42E8-BE96-428C8D73DCE7} https://web.crystalreports.dealerconnection...tiveXViewer.cab (Crystal ActiveX Report Viewer Export Control 10.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} https://web.crystalreports.dealerconnection...tiveXViewer.cab (Crystal ActiveX Report Viewer Control 10.0)
O16 - DPF: {C91F6075-C59C-4F8F-B339-0045A156ECC0} https://web.crystalreports.dealerconnection...tiveXViewer.cab (Crystal Report Prompt Info Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na2.ford.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NotLog: DllName - SGLogEx.dll - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\SGLogNotification: DllName - SGLogNotification.dll - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\WSL_RLCE: DllName - C:\WINDOWS\system32\wsl_rlce.dll - C:\WINDOWS\system32\wsl_rlce.dll (Ford Motor Company)
O24 - Desktop WallPaper: C:\Documents and Settings\jstodda1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jstodda1\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-22 12:34:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-11-13 21:31:50 | 000,000,000 | ---D | M] - C:\AutoPlanner3 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-05 18:53:07 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jstodda1\Desktop\OTL.exe
[2010-02-04 19:19:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jstodda1\Recent
[2010-02-02 15:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Desktop\Western
[2010-02-01 21:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2010-02-01 21:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010-02-01 20:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010-02-01 20:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Application Data\skypePM
[2010-02-01 20:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Application Data\Skype
[2010-02-01 20:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010-02-01 20:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-02-01 20:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Local Settings\Application Data\Google
[2010-02-01 20:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-02-01 20:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010-01-31 19:33:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-31 19:33:33 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-30 21:07:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-01-30 21:07:32 | 000,000,000 | ---D | C] -- C:\_OTM
[2010-01-30 21:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-01-20 00:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Desktop\misc SD
[2010-01-11 20:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Downloads
[2010-01-08 23:40:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010-01-08 23:40:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010-01-08 23:40:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2010-01-08 23:40:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010-01-08 23:40:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2010-01-08 23:40:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010-01-07 19:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-01-06 21:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jstodda1\Desktop\startup
[2010-01-06 20:17:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2009-06-21 21:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008-10-15 12:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008-10-15 12:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007-05-22 12:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007-05-22 12:34:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007-05-22 12:34:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-02-05 18:53:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jstodda1\Desktop\OTL.exe
[2010-02-05 18:27:53 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010-02-05 18:27:41 | 000,000,456 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010-02-05 18:27:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-05 18:27:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-05 18:27:16 | 1063,370,752 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-05 18:15:13 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\how to.doc
[2010-02-05 18:13:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\vy1m9tme.exe
[2010-02-05 17:09:41 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\jstodda1\ntuser.dat
[2010-02-05 17:09:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jstodda1\ntuser.ini
[2010-02-05 17:09:06 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\jstodda1\jstodda1.2003.pst
[2010-02-05 17:02:40 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\all makesCYTD.ppr
[2010-02-05 17:02:35 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\gvw.xls
[2010-02-05 16:46:55 | 000,000,029 | ---- | M] () -- C:\WINDOWS\pwrplay.INI
[2010-02-05 15:24:18 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\Microsoft Office Communicator 2005.lnk
[2010-02-04 22:05:27 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\VPN Client.lnk
[2010-02-04 17:25:14 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\all makes CYTD.xls
[2010-02-04 14:27:04 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\all vehicles CYTD.xls
[2010-02-04 09:08:48 | 000,908,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-02-04 09:08:48 | 000,348,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-02-04 09:08:48 | 000,004,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-03 21:33:48 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010-02-03 10:17:54 | 000,286,208 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\all vehicles CYTD.ppr
[2010-02-02 11:35:15 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\Canada Pocket card.doc
[2010-02-02 11:27:34 | 000,304,150 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\8522-FWSSprintActivationCard(5 25x7 25).pdf
[2010-02-02 10:35:46 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-01 20:20:16 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-01-31 21:39:33 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-31 19:33:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-31 12:47:02 | 000,073,056 | ---- | M] () -- C:\Documents and Settings\jstodda1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-30 20:55:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-01-30 20:55:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-30 19:47:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-30 19:12:34 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ford Help Info.lnk
[2010-01-28 09:42:42 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\jstodda1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-19 16:37:33 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\2010 F250 Super Duty 4x2.xls
[2010-01-19 09:46:30 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\Raptor USOB 011910.xls
[2010-01-14 15:53:42 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\Raptor USOB.xls
[2010-01-11 22:25:30 | 000,461,312 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\Hot Topics_Ford Work Solutionsv1.doc
[2010-01-11 21:03:51 | 155,111,607 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\11SUPD_GooseNeckHitchG20486.tif
[2010-01-07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-07 09:46:24 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\2011SD_pre_post_test_complete_set_eV2.doc
[2010-01-07 00:05:14 | 000,316,928 | ---- | M] () -- C:\Documents and Settings\jstodda1\Desktop\CompetitiveInsights_SuperDutyv1 0.doc
[2010-01-06 20:17:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010-02-05 18:15:13 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\how to.doc
[2010-02-05 18:13:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\vy1m9tme.exe
[2010-02-05 17:02:35 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\gvw.xls
[2010-02-04 14:53:25 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\all makes CYTD.xls
[2010-02-04 14:53:10 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\all makesCYTD.ppr
[2010-02-03 21:33:48 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010-02-03 10:16:02 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\all vehicles CYTD.xls
[2010-02-02 15:41:21 | 000,286,208 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\all vehicles CYTD.ppr
[2010-02-02 11:27:33 | 000,304,150 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\8522-FWSSprintActivationCard(5 25x7 25).pdf
[2010-02-02 11:17:02 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\Canada Pocket card.doc
[2010-02-01 20:20:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-01-31 19:33:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-19 16:37:33 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\2010 F250 Super Duty 4x2.xls
[2010-01-19 09:46:15 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\Raptor USOB 011910.xls
[2010-01-14 15:53:41 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\Raptor USOB.xls
[2010-01-11 22:25:30 | 000,461,312 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\Hot Topics_Ford Work Solutionsv1.doc
[2010-01-11 20:41:54 | 155,111,607 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\11SUPD_GooseNeckHitchG20486.tif
[2010-01-09 12:45:25 | 1063,370,752 | -HS- | C] () -- C:\hiberfil.sys
[2010-01-08 23:40:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010-01-08 23:40:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010-01-08 23:40:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010-01-08 23:40:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010-01-08 23:40:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010-01-08 23:40:14 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010-01-08 23:40:14 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010-01-08 23:40:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010-01-08 23:40:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010-01-08 23:40:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010-01-08 23:40:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010-01-07 09:46:23 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\2011SD_pre_post_test_complete_set_eV2.doc
[2010-01-07 00:05:13 | 000,316,928 | ---- | C] () -- C:\Documents and Settings\jstodda1\Desktop\CompetitiveInsights_SuperDutyv1 0.doc
[2010-01-06 20:17:10 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2010-01-06 20:17:06 | 000,260,272 | ---- | C] () -- C:\cmldr
[2009-04-17 08:52:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009-03-17 10:10:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pe.ini
[2009-03-17 10:10:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ft99.ini
[2009-03-17 10:10:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cp.ini
[2009-01-16 16:37:01 | 000,128,352 | ---- | C] () -- C:\WINDOWS\System32\c6822.dll
[2008-12-24 10:16:44 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\jstodda1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-22 09:55:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pwrplay.INI
[2008-10-15 13:54:59 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008-10-15 13:54:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4796.dll
[2008-04-17 08:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008-04-17 08:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007-10-04 14:30:19 | 000,160,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007-09-25 13:57:54 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007-09-25 13:53:21 | 000,000,095 | ---- | C] () -- C:\WINDOWS\TSCNE.ini
[2007-09-25 13:33:44 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\msvcrt2x.dll
[2007-09-25 12:50:27 | 000,000,456 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2007-09-25 12:32:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-09-25 12:25:39 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\pcssfenv.dll
[2007-09-25 12:25:30 | 000,022,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\klognt.sys
[2007-09-25 12:24:37 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\HLLDRVR.SYS
[2007-09-25 12:24:24 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\pcscoax.sys
[2007-09-25 12:24:21 | 000,204,888 | ---- | C] () -- C:\WINDOWS\hookdll.dll
[2007-09-25 12:24:21 | 000,096,256 | ---- | C] () -- C:\WINDOWS\instutil.dll
[2007-09-25 12:24:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\pcsinres.dll
[2007-09-25 12:24:16 | 000,010,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\nstrcnt.sys
[2007-09-25 11:41:08 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007-09-25 11:41:07 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007-09-25 11:37:16 | 000,000,736 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007-05-22 14:32:05 | 000,171,008 | ---- | C] () -- C:\WINDOWS\System32\sccsccp.dll
[2005-03-31 10:27:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGCleanLocalGPO.dll
[2003-01-07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-08-23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
< End of report >


Extras Log:

OTL Extras logfile created on: 2010-02-05 6:53:37 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\jstodda1\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1,014.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.40 Gb Total Space | 31.47 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: cvd1xp1c813f1
Current User Name: jstodda1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\DellTPad\Apoint.exe" = C:\Program Files\DellTPad\Apoint.exe:*:Enabled:Apoint -- (Alps Electric Co., Ltd.)
"C:\WINDOWS\stsystra.exe" = C:\WINDOWS\stsystra.exe:*:Enabled:stsystra -- (SigmaTel, Inc.)
"C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe" = C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe:*:Enabled:Ecview -- (Utimaco Safeware AG)
"C:\WINDOWS\system32\igfxsrvc.exe" = C:\WINDOWS\system32\igfxsrvc.exe:*:Enabled:igfxsrvc -- (Intel Corporation)
"C:\WINDOWS\system32\igfxpers.exe" = C:\WINDOWS\system32\igfxpers.exe:*:Enabled:igfxpers -- (Intel Corporation)
"C:\WINDOWS\system32\hkcmd.exe" = C:\WINDOWS\system32\hkcmd.exe:*:Enabled:hkcmd -- (Intel Corporation)
"C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe" = C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe:*:Enabled:WksCfgSrv -- (Utimaco Safeware AG)
"C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe" = C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe:*:Enabled:ifrmewrk -- (Intel Corporation)
"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc -- (Intel Corporation)
"C:\Program Files\Mcafee\Common Framework\FrameworkService.exe" = C:\Program Files\Mcafee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\igfxpers.exe" = C:\WINDOWS\system32\igfxpers.exe:*:Enabled:igfxpers -- (Intel Corporation)
"E:\skype\Phone\Skype.exe" = E:\skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"E:\skype\Plugin Manager\skypePM.exe" = E:\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0A9FDAAF-0721-494C-BE79-7ED01E537562}" = WebEx Productivity Tools
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{123260D2-F148-11D0-BA76-00A024E16E89}" = eRoom 7 Client
"{16ECD451-E068-4D40-86DA-A2300694E661}" = Oracle Client 10gR2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2F221920-DB3B-4A74-A010-26ABDBA07AC2}" = SMS Advanced Client
"{2FE4F7D0-49ED-4A85-88C1-1EA443789C4F}" = Microsoft Office Communicator 2005 MUI Pack
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{439113CE-2797-47E8-BA3D-03F300777207}" = HostExplorer 2008
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5AEBDA27-60AF-43EA-B71E-B78115EABC76}" = MINITAB Release 14
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C0F9CF5-C0A3-4C65-A17A-878FE1C821B3}" = SafeGuard® Easy 4.20.1
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83048AAB-07DE-4D77-A927-09A0347AF867}" = iPassConnect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FF8B7CA-86C3-45EE-A348-D754874D4FAE}" = Ford Help Info 1.5.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{902E0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2000 Web Components
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-2447-0000-810000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-810000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-810000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5676-5A64-810000000003}" = Adobe Reader Extended Language Support Font Pack
"{AC76BA86-7AD7-5760-0000-810000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 9 Series
"{DF6B8EA9-32CF-4937-BADF-6CF43313C9FC}" = mGina
"{E34940E1-E781-4E9B-A8AD-4C5520503456}" = Import Links Wizard 1.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ECFFDC97-EDF7-456D-AD7B-C1BA2A4FFC44}" = Ford WSL Reduced Login Client Extension 1.1.2
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AutoPlanner3.2" = AutoPlanner3.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Cognos cer3" = Cognos Series 7 Version 2
"Cognos commonlogon" = Cognos Windows Common Logon Server
"HDMI" = Intel® Graphics Media Accelerator Driver
"IBM Personal Communications De-install Key" = IBM Personal Communications
"IEMUICN" = Chinese (Simplified) Menus and Dialogs for Internet Explorer 6
"IEMUIDE" = German Menus and Dialogs for Internet Explorer 6
"IEMUIES" = Spanish Menus and Dialogs for Internet Explorer 6
"IEMUIFR" = French Menus and Dialogs for Internet Explorer 6
"IEMUIIT" = Italian Menus and Dialogs for Internet Explorer 6
"IEMUIJA" = Japanese Menus and Dialogs for Internet Explorer 6
"IEMUIKO" = Korean Menus and Dialogs for Internet Explorer 6
"IEMUINL" = Dutch Menus and Dialogs for Internet Explorer 6
"IEMUITW" = Chinese (Traditional) Menus and Dialogs for Internet Explorer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"ProInst" = Intel® PROSet/Wireless Software
"Signature995" = Signature995
"SLS" = SLS Version 2.4.0.1
"TSCensus Client Apps" = TSCensus Client Apps
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Script" = Microsoft Windows Script 5.7
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-02-05 7:27:20 PM | Computer Name = cvd1xp1c813f1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-02-05 7:27:20 PM | Computer Name = cvd1xp1c813f1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2010-02-05 7:27:35 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:27:49 PM | Computer Name = cvd1xp1c813f1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2010-02-05 7:28:59 PM | Computer Name = cvd1xp1c813f1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for FORDNA2\jstodda1 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2010-02-05 7:32:32 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:37:41 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:42:41 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:47:42 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:54:12 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

[ System Events ]
Error - 2010-02-05 7:47:37 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:47:41 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:47:42 PM | Computer Name = cvd1xp1c813f1 | Source = Service Control Manager | ID = 7024
Description = The Network Associates McShield service terminated with service-specific
error 5022 (0x139E).

Error - 2010-02-05 7:51:21 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:51:25 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:51:28 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:51:32 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:54:07 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:54:11 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:54:12 PM | Computer Name = cvd1xp1c813f1 | Source = Service Control Manager | ID = 7024
Description = The Network Associates McShield service terminated with service-specific
error 5022 (0x139E).


< End of report >
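Added example, not part of the posted report or of the tool that produced it: one way to collapse the "Last 10 Event Log Errors" section above into counts per log, source and event ID, and to mark the groups that concern the antivirus engine. The sample text is constructed from entries in the report; the function names and the `WATCH` terms are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Constructed sample: four entries copied from the report above, same layout.
SAMPLE = r"""[ Application Events ]
Error - 2010-02-05 7:27:35 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

Error - 2010-02-05 7:32:32 PM | Computer Name = cvd1xp1c813f1 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : The
DAT files failed or are missing.

[ System Events ]
Error - 2010-02-05 7:47:37 PM | Computer Name = cvd1xp1c813f1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2010-02-05 7:47:42 PM | Computer Name = cvd1xp1c813f1 | Source = Service Control Manager | ID = 7024
Description = The Network Associates McShield service terminated with service-specific
error 5022 (0x139E).
"""

ENTRY = re.compile(r"^(\w+) - (.+? [AP]M) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")
WATCH = ("McLogEvent", "McShield")  # assumption: antivirus names as they appear in this report

def parse_events(text):
    """Return one dict per entry, rejoining the wrapped Description lines."""
    events, log, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[ ") and line.endswith(" ]"):
            log, cur = line[2:-2], None          # "[ System Events ]" -> "System Events"
        elif (m := ENTRY.match(line)):
            cur = {"log": log, "source": m[4], "code": int(m[5]) & 0xFFFF,  # low 16 bits: 262151 -> 7
                   "time": datetime.strptime(m[2], "%Y-%m-%d %I:%M:%S %p"), "desc": ""}
            events.append(cur)
        elif not line:
            cur = None                           # a blank line ends the current entry
        elif cur is not None:
            cur["desc"] = (cur["desc"] + " " + line.removeprefix("Description = ")).strip()
    return events

def summarize(events):
    """Group by (log, source, code): entry count, latest time, antivirus-related flag."""
    out = {}
    for e in events:
        g = out.setdefault((e["log"], e["source"], e["code"]), {"count": 0, "last": e["time"], "av": False})
        g["count"] += 1
        g["last"] = max(g["last"], e["time"])
        g["av"] |= any(w in e["source"] + e["desc"] for w in WATCH)
    return out
```

Groups with `av` set are the ones to read first when triaging a report like this one, since they show whether the on-access scanner was actually running at the time of the scan.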


#10 myrti

Posted 05 February 2010 - 07:35 PM

Hi,

please also run a scan with mbr:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 jstodda1

Posted 05 February 2010 - 08:34 PM

Here is the log - hope I did this right. The DOS window did not disappear:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully

#12 myrti

Posted 05 February 2010 - 09:22 PM

Hi,

the logs are looking rather clean.

Please run Malwarebytes to check for remaining malware:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please also run dial-a-fix:

Please read through this guide first
  1. Please download Dial-A-Fix
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box.
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix

regards myrti



#13 jstodda1

Posted 05 February 2010 - 11:06 PM

Hi Myrti, Malwarebytes found no problems.

I ran Dial-A-Fix. I am unsure what to do. A secondary registry window is indicating that there are 16 restrictive policies. Should I click remove all?

#14 myrti

Posted 08 February 2010 - 11:11 AM

Hi,

if this is your PC and you didn't set them, let them be removed. If this isn't your PC then check with the owner of the PC if he set them and only remove them if he didn't.

regards myrti



#15 jstodda1

Posted 08 February 2010 - 06:52 PM

Myrti, thanks for all your help. The problem appears to have been fixed.



