OTL logfile created on: 11/29/2010 4:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 65.23 Gb Free Space | 65.23% Space Free | Partition Type: NTFS
Drive E: | 198.01 Gb Total Space | 183.62 Gb Free Space | 92.73% Space Free | Partition Type: NTFS
Drive F: | 298.02 Gb Total Space | 229.51 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 283.08 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 283.04 Gb Free Space | 94.95% Space Free | Partition Type: NTFS
Drive Z: | 888.90 Gb Total Space | 846.67 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Computer Name: DEATHSTAR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\Local Settings\Temp\Lr1.exe ()
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe (Pervasive Software Inc.)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe (Pervasive Software Inc.)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\ntdbsmgr.exe (Pervasive Software Inc.)
PRC - C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
PRC - C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedTray.exe (Qqest Software Systems)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe (Symantec Corporation)
PRC - c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\WINDOWS\system32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\iscsiexe.exe (Microsoft Corporation)
PRC - C:\Program Files\Areca Technology Corp\Http Proxy Server Service\ArcHttpSrvGUI.exe ()
PRC - C:\Program Files\Areca Technology Corp\Http Proxy Server Service\ArcHttpSrv.exe ()
PRC - C:\WINDOWS\system32\ServerAppliance\elementmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ServerAppliance\appmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe (Microsoft Corporation)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Pervasive.SQL (relational)) -- C:\Program Files\Pervasive Software\PSQL\bin\w3sqlmgr.exe (Pervasive Software Inc.)
SRV - (Pervasive.SQL (transactional)) -- C:\Program Files\Pervasive Software\PSQL\bin\ntbtrv.exe (Pervasive Software Inc.)
SRV - (ClockLink) -- C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\ClockLinkService.exe (Qqest Software Systems)
SRV - (TFPunchProcessQueue) -- c:\Inetpub\wwwroot\qqest\Utilities\TFProcessingQueue.exe (Qqest Software Systems)
SRV - (TFPunches) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForcePunches.exe (Qqest Software Systems)
SRV - (semsrv) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe (Symantec Corporation)
SRV - (ServiceTimeForce) -- c:\Inetpub\wwwroot\qqest\Utilities\TimeForceServices.exe (Qqest Software Systems)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ASANYs_sem5) -- C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (Pop3Svc) -- C:\WINDOWS\system32\pop3server\pop3svc.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (MSiSCSI) -- C:\WINDOWS\system32\iscsiexe.exe (Microsoft Corporation)
SRV - (ArcHttpProxyServer) -- C:\Program Files\Areca Technology Corp\Http Proxy Server Service\ArcHttpSrv.exe ()
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (elementmgr) -- C:\WINDOWS\system32\ServerAppliance\elementmgr.exe (Microsoft Corporation)
SRV - (appmgr) -- C:\WINDOWS\system32\ServerAppliance\appmgr.exe (Microsoft Corporation)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (srvcsurg) -- C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV - (IpInIp) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (arcm_x86) -- C:\WINDOWS\system32\drivers\arcm_x86.sys (ARECA Technology Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/11 11:57:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/23 14:36:20 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2003/03/25 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fswsvcjj] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xhskotxyx\emeegsktsbl.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HJRUDZ5DT2] C:\Documents and Settings\Administrator\Local Settings\Temp\Lr1.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [vvaenahu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thjjodxia\eegqwyptsbl.exe File not found
O4 - HKLM..\RunOnce: [ClockLink Scheduler] C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedLoader.exe (Qqest Software Systems)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Areca HTTP Proxy Server GUI.lnk = C:\Program Files\Areca Technology Corp\Http Proxy Server Service\ArcHttpSrvGUI.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ClockLink Scheduler.lnk = C:\Program Files\Qqest Software Systems\TimeForce\ClockLink\SchedLoader.exe (Qqest Software Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169735738472 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/25 07:07:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/11/29 16:16:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/18 11:32:44 | 001,344,088 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/11/18 11:25:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/18 08:46:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/17 16:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/11/17 09:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/11/17 09:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/11/17 09:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/11/16 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/16 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/11/16 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/16 14:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/16 14:17:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/11/16 13:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/16 13:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/16 13:28:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/16 13:28:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 13:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/16 13:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/16 13:13:16 | 000,536,064 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\RegShellSM.exe
[2010/11/16 13:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/11/29 16:17:58 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/29 16:16:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/29 16:05:46 | 000,000,612 | ---- | M] () -- C:\WINDOWS\TimeForce.ini
[2010/11/29 16:05:12 | 000,000,401 | ---- | M] () -- C:\clockslist.sql
[2010/11/29 16:02:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/11/29 15:47:29 | 000,597,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 15:47:29 | 000,122,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 15:41:04 | 000,000,183 | ---- | M] () -- C:\WINDOWS\ClockLinkService.ini
[2010/11/29 15:40:57 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\tasks\Wlcvqyx.job
[2010/11/29 15:40:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 15:36:34 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 15:29:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3058970405-634875250-3406734737-500UA.job
[2010/11/29 09:29:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3058970405-634875250-3406734737-500Core.job
[2010/11/28 18:38:00 | 001,344,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/11/17 10:34:05 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/11/17 09:29:12 | 000,002,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/11/17 09:29:12 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/16 16:42:15 | 095,250,016 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\regbackup.reg
[2010/11/16 16:19:20 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/16 14:00:40 | 003,910,362 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/16 13:54:44 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/11/16 13:28:15 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 13:14:28 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\adptifr.dll
[2010/11/16 13:13:22 | 000,536,064 | ---- | M] (Igor Pavlov) -- C:\WINDOWS\System32\RegShellSM.exe
[2010/11/10 12:25:22 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\ErrorStatus.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/11/29 16:02:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2010/11/29 15:41:46 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/29 15:37:40 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Areca HTTP Proxy Server GUI.lnk
[2010/11/29 15:37:40 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2010/11/29 15:37:40 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/11/18 11:25:02 | 003,910,362 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/17 10:34:10 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/11/17 09:29:12 | 000,002,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/11/17 09:29:12 | 000,002,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/17 09:24:55 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3058970405-634875250-3406734737-500UA.job
[2010/11/17 09:24:55 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3058970405-634875250-3406734737-500Core.job
[2010/11/16 16:42:07 | 095,250,016 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\regbackup.reg
[2010/11/16 16:19:20 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/16 13:54:30 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/11/16 13:28:15 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 13:14:28 | 000,000,328 | -HS- | C] () -- C:\WINDOWS\tasks\Wlcvqyx.job
[2010/11/16 13:14:27 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\adptifr.dll
[2009/11/17 12:16:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\BTRDRVR.SYS
[2008/04/09 08:24:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
[2007/11/08 10:17:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/01/31 08:03:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/01/25 14:09:03 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ClockLinkService.ini
[2007/01/25 12:50:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/01/25 12:04:53 | 000,000,612 | ---- | C] () -- C:\WINDOWS\TimeForce.ini
[2007/01/25 12:04:53 | 000,000,275 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/25 08:56:17 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2007/01/25 08:53:16 | 000,000,190 | ---- | C] () -- C:\Program Files\Common Files\psasetup.log
[2007/01/25 08:53:06 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2007/01/25 07:29:51 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/01/25 07:29:51 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/01/25 07:29:48 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/01/25 07:29:46 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/01/25 07:29:45 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/01/25 07:29:42 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/01/25 07:19:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/01/25 07:19:22 | 000,000,481 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/01/25 07:19:18 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/01/25 00:02:56 | 000,004,633 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 07:25:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/29 07:25:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/29 07:25:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/29 07:25:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/29 07:25:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/29 07:25:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/29 07:25:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/03/24 20:44:26 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2003/03/25 05:00:00 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2003/03/25 05:00:00 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2003/03/25 05:00:00 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2003/03/25 05:00:00 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2003/03/25 05:00:00 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
========== LOP Check ========== [2007/11/29 07:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aatrix Software
[2010/01/21 15:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2009/05/11 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/11/29 15:38:31 | 000,032,510 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010/11/29 15:40:57 | 000,000,328 | -HS- | M] () -- C:\WINDOWS\Tasks\Wlcvqyx.job
[2010/11/29 16:17:58 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ========== < End of report >
OTL Extras logfile created on: 11/29/2010 4:17:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 65.23 Gb Free Space | 65.23% Space Free | Partition Type: NTFS
Drive E: | 198.01 Gb Total Space | 183.62 Gb Free Space | 92.73% Space Free | Partition Type: NTFS
Drive F: | 298.02 Gb Total Space | 229.51 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 283.08 Gb Free Space | 94.96% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 283.04 Gb Free Space | 94.95% Space Free | Partition Type: NTFS
Drive Z: | 888.90 Gb Total Space | 846.67 Gb Free Space | 95.25% Space Free | Partition Type: NTFS
Computer Name: DEATHSTAR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A9FF7A-9F6C-46CF-9EAD-8752184DE99F}" = Microsoft SQL Server VSS Writer
"{0A3238D7-AC32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Server Engine (32-bit)
"{0B0DBAF6-00EB-4F88-9D91-17ADEF14D3A5}" = CYMA IV Accounting for Windows
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{2A3E2C03-021C-440B-AA81-E020B92DD29F}" = CYMA IV Accounting for Windows
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{4D0F6CBC-1C63-4590-818E-1BCB37B5BA01}" = Microsoft SQL Server Native Client
"{4D6340A0-51FC-4683-9481-9573DFBAC566}" = ClockLink For TimeForce®
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{66A189CF-12DB-4106-955D-35B098BE0835}" = CYMA IV Accounting for Windows
"{7D589A98-0D4A-4F46-BEAB-6031E6364D6C}" = SQLXML4
"{7DDBF079-32B2-4811-A9F5-902320CB9AB4}" = CYMA IV Accounting for Windows
"{896F46E4-73C7-470C-90FB-8802CFAB7284}" = ArcHttpSrvGUI
"{8E005B6E-B2DC-413E-9CEB-93DB2C110A26}" = Microsoft SQL Server 2005 Backward compatibility
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91C01344-1C76-44F1-B7A5-EC1E8A432EB5}" = CYMA State Payroll Reporting - FMS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4F8313B-0E21-478B-B289-BFB7736CA7AA}" = Remote Administration Tools
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C62F89DE-6225-422D-881E-2115FA3BC332}" = CYMA IV Accounting for Windows
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA8148D7-585B-4011-AC5B-6AED4C8E6BAB}" = SAP
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{F21BC620-4230-41D7-8505-36ED42263B35}" = Symantec Endpoint Protection Manager
"{F83B8D2B-51AD-4D71-8F03-0EC25B30C69D}" = CYMA IV Accounting for Windows
"{FA68071D-A095-4B3E-967D-FFCCBA0D486E}" = CYMA IV Accounting for Windows
"ClockLink For TimeForce®" = ClockLink For TimeForce®
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{91C01344-1C76-44F1-B7A5-EC1E8A432EB5}" = CYMA State Payroll Reporting - FMS
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pervasive PSQL v10 SP3 Server Engine (32-bit)" = Pervasive PSQL v10 SP3 Server Engine (32-bit)
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 11/17/2010 12:18:35 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 1:14:09 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 2:03:05 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 3:21:39 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 3:21:41 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 6:35:56 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 6:36:00 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 6:36:01 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 6:52:04 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 11/17/2010 6:52:49 PM | Computer Name = DEATHSTAR | Source = Symantec AntiVirus | ID = 16711731
Description =
[ System Events ]
Error - 8/23/2010 5:46:44 PM | Computer Name = DEATHSTAR | Source = iScsiPrt | ID = 54
Description = Initiator Service failed to respond in time to a request to encrypt
or decrypt data.
Error - 8/25/2010 12:47:34 PM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/26/2010 12:17:48 PM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/27/2010 5:05:27 PM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/28/2010 1:27:50 PM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/28/2010 1:28:00 PM | Computer Name = DEATHSTAR | Source = NetBT | ID = 4321
Description = The name "WOOKIE :1d" could not be registered on the Interface
with IP address 192.168.1.254. The machine with the IP address 192.168.1.27 did
not allow the name to be claimed by this machine.
Error - 8/30/2010 10:43:35 AM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/30/2010 11:55:32 AM | Computer Name = DEATHSTAR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINTAINANCE-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2020FBB2-354. The master browser is stopping or an election is being
forced.
Error - 8/30/2010 11:59:37 AM | Computer Name = DEATHSTAR | Source = NetBT | ID = 4321
Description = The name "WOOKIE :1d" could not be registered on the Interface
with IP address 192.168.1.254. The machine with the IP address 192.168.1.27 did
not allow the name to be claimed by this machine.
Error - 9/2/2010 6:19:35 PM | Computer Name = DEATHSTAR | Source = iScsiPrt | ID = 54
Description = Initiator Service failed to respond in time to a request to encrypt
or decrypt data.
< End of report >