Is there anything? especially Feast
- martinezjr (Beginner)
OS : All of the Above:Fedora, Ubuntu, Windows XP, 2k 2k Server 2k AS
Anti-Malware : Symantec Corporate Edition 10, AVG 8.0, ClamAV
Posts : 3
Rubies : 2665
Likes : 0
I am trying to find out if I have anything
I have several machines on my network that have been hit with the Feast.exe and I can not remove it. So I have attached the OTL.txt and Extras.txt files.
- Code:
OTL logfile created on: 2011-02-08 11:04:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\
Windows 2000 Standard Edition Service Pack 4 (Version = 5.0.2195) - Type = NTDomainController
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 20.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 15.94 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive F: | 29.64 Mb Total Space | 28.64 Mb Free Space | 96.63% Space Free | Partition Type: FAT
Drive K: | 48.83 Gb Total Space | 42.11 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive L: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive M: | 74.50 Gb Total Space | 17.02 Gb Free Space | 22.85% Space Free | Partition Type: NTFS
Drive O: | 74.47 Gb Total Space | 34.19 Gb Free Space | 45.91% Space Free | Partition Type: NTFS
Drive P: | 74.50 Gb Total Space | 63.38 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive Q: | 18.64 Gb Total Space | 8.90 Gb Free Space | 47.76% Space Free | Partition Type: NTFS
Drive S: | 18.61 Gb Total Space | 6.54 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive T: | 4.88 Gb Total Space | 4.57 Gb Free Space | 93.61% Space Free | Partition Type: NTFS
Drive U: | 13.76 Gb Total Space | 7.99 Gb Free Space | 58.05% Space Free | Partition Type: NTFS
Drive V: | 127.99 Gb Total Space | 89.96 Gb Free Space | 70.29% Space Free | Partition Type: NTFS
Drive W: | 74.50 Gb Total Space | 52.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive X: | 127.99 Gb Total Space | 15.94 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive Y: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive Z: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Computer Name: TRAINING | User Name: martinezjr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-02-08 10:59:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.com
PRC - [2010-04-16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009-09-15 12:50:06 | 000,087,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\LLSSRV.EXE
PRC - [2009-08-27 16:08:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\martinezjr\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe
PRC - [2009-05-28 08:01:19 | 000,153,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WINS.EXE
PRC - [2009-01-12 16:37:28 | 000,106,496 | ---- | M] (Mozilla Foundation) -- \\Training\c$\Documents and Settings\martinezjr\Local Settings\Application Data\Zimbra\zdesktop\win32\prism\zdclient.exe
PRC - [2007-04-03 15:18:14 | 001,537,064 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006-05-12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2004-09-07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2004-02-04 01:26:42 | 000,200,704 | ---- | M] (Thinking Man Software) -- C:\Program Files\D4\D4.exe
PRC - [2003-06-19 11:05:04 | 000,745,232 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntfrs.exe
PRC - [2003-06-19 11:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003-06-19 11:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003-06-19 11:05:04 | 000,090,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dfssvc.exe
PRC - [2003-06-19 11:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\SFMSVC.EXE
PRC - [2003-06-19 11:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003-06-19 11:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2003-06-19 11:05:04 | 000,025,872 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ismserv.exe
PRC - [2003-06-19 11:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [2000-10-09 06:50:00 | 000,430,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\NAV\rtvscan.exe
PRC - [2000-10-09 06:50:00 | 000,053,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\NAV\vptray.exe
PRC - [2000-10-09 06:50:00 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NAV\defwatch.exe
PRC - [2000-09-18 16:16:20 | 000,018,432 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\cba\pds.exe
PRC - [2000-09-18 16:12:40 | 000,031,744 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\AMS_II\IAO.EXE
PRC - [2000-09-18 16:12:40 | 000,018,432 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\AMS_II\HNDLRSVC.EXE
PRC - [2000-09-18 16:12:40 | 000,014,336 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\MSGSYS.EXE
PRC - [2000-09-18 16:12:40 | 000,011,264 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\cba\XFR.EXE
PRC - [2000-01-08 12:41:28 | 000,139,264 | ---- | M] (Executive Software International) -- C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
PRC - [1999-12-07 06:00:00 | 000,085,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\sfmprint.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011-02-08 10:59:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.com
MOD - [2005-04-08 05:54:36 | 000,037,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\NTLANMAN.DLL
MOD - [2003-06-19 11:05:04 | 000,071,952 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui0.dll
MOD - [2003-06-19 11:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003-06-19 11:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [1999-12-07 06:00:00 | 000,215,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netui1.dll
MOD - [1999-12-07 06:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (NeroRegInCDSrv)
SRV - [2009-09-15 12:50:06 | 000,087,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\LLSSRV.EXE -- (LicenseService)
SRV - [2009-08-27 16:08:28 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\martinezjr\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe -- (Yahoo! Zimbra Desktop Service)
SRV - [2009-05-28 08:01:19 | 000,153,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\WINS.EXE -- (WINS) Windows Internet Name Service (WINS)
SRV - [2008-05-30 13:50:08 | 000,448,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\Windows Media\Server\nsum.exe -- (nsunicast)
SRV - [2008-05-30 13:50:08 | 000,222,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\Windows Media\Server\nscm.exe -- (nsstation)
SRV - [2007-06-28 18:01:48 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007-06-25 07:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007-04-03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006-05-12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005-03-01 04:32:08 | 000,031,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\Windows Media\Server\nspmon.exe -- (nsmonitor)
SRV - [2004-09-07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2004-02-04 01:26:42 | 000,200,704 | ---- | M] (Thinking Man Software) [Auto | Running] -- C:\Program Files\D4\D4.exe -- (Dimension4)
SRV - [2003-06-19 11:05:04 | 000,745,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ntfrs.exe -- (NtFrs)
SRV - [2003-06-19 11:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003-06-19 11:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003-06-19 11:05:04 | 000,142,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\termsrv.exe -- (TermService)
SRV - [2003-06-19 11:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003-06-19 11:05:04 | 000,090,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dfssvc.exe -- (Dfs)
SRV - [2003-06-19 11:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003-06-19 11:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\SFMSVC.EXE -- (MacFile)
SRV - [2003-06-19 11:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003-06-19 11:05:04 | 000,025,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ismserv.exe -- (IsmServ)
SRV - [2003-06-19 11:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003-06-19 11:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2003-06-19 11:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transport Protocol (SMTP)
SRV - [2003-06-19 11:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2003-06-19 11:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2000-10-09 06:50:00 | 000,430,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NAV\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2000-10-09 06:50:00 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NAV\defwatch.exe -- (DefWatch)
SRV - [2000-09-18 16:16:20 | 000,018,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\cba\pds.exe -- (Intel PDS)
SRV - [2000-09-18 16:12:40 | 000,031,744 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\AMS_II\IAO.EXE -- (Intel Alert Originator)
SRV - [2000-09-18 16:12:40 | 000,018,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\AMS_II\HNDLRSVC.EXE -- (Intel Alert Handler)
SRV - [2000-09-18 16:12:40 | 000,011,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\cba\XFR.EXE -- (Intel File Transfer)
SRV - [2000-01-08 12:41:28 | 000,139,264 | ---- | M] (Executive Software International) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperServer\DKService.exe -- (Diskeeper)
SRV - [1999-12-07 06:00:00 | 000,085,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\sfmprint.exe -- (MacPrint)
SRV - [1999-12-07 06:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\ias.dll -- (IAS)
SRV - [1999-11-09 14:46:40 | 000,009,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\Windows Media\Server\nspm.exe -- (nsprogram)
SRV - [1999-11-09 14:43:42 | 000,083,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\Windows Media\NSLite\NSLService.exe -- (NSLService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-01-19 19:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110120.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011-01-19 19:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110120.002\NAVENG.SYS -- (NAVENG)
DRV - [2007-06-28 18:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
DRV - [2007-06-25 07:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-06-25 07:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-06-25 07:47:02 | 000,139,560 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINNT\system32\drivers\InCDFat.sys -- (InCDFat)
DRV - [2007-06-25 07:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-04-03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007-01-23 23:23:16 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005-01-26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
DRV - [2004-07-09 01:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003-07-11 09:58:00 | 000,126,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1000nt5.sys -- (E1000) Intel(R)
DRV - [2003-06-19 11:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003-06-19 11:05:04 | 000,154,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\sfmsrv.sys -- (MacSrv)
DRV - [2003-06-19 11:05:04 | 000,148,400 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\sfmatalk.sys -- (AppleTalk)
DRV - [2003-06-19 11:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003-06-19 11:05:04 | 000,074,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2003-06-19 11:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003-06-19 11:05:04 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2003-06-19 11:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003-06-19 11:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003-06-19 11:05:04 | 000,020,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdipx.sys -- (TDIPX)
DRV - [2003-06-19 11:05:04 | 000,018,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdnetb.sys -- (TDNETB)
DRV - [2003-06-19 11:05:04 | 000,018,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdspx.sys -- (TDSPX)
DRV - [2003-06-19 11:05:04 | 000,012,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdasync.sys -- (TDASYNC)
DRV - [2003-06-19 11:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003-06-19 11:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2000-10-09 06:50:00 | 000,171,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NAV\navap.sys -- (NAVAP)
DRV - [2000-10-09 06:50:00 | 000,007,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NAV\Navapel.sys -- (NAVAPEL)
DRV - [2000-10-08 17:50:00 | 000,063,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [1999-12-07 06:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [1999-12-07 06:00:00 | 000,012,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\spud.sys -- (spud)
DRV - [1999-12-07 06:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
- martinezjr (Beginner)
part 2
- Code:
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://10.100.177.40/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2790392&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-20 15:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-03 09:14:40 | 000,000,000 | ---D | M]
[2009-09-18 14:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Extensions
[2009-09-18 14:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011-01-18 13:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\extensions
[2011-01-06 12:28:44 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2009-11-23 13:57:32 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010-06-29 13:18:49 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2011-01-06 12:28:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\extensions\engine@conduit.com
[2011-01-06 12:28:44 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\Mozilla\Firefox\Profiles\2wma59y6.default\searchplugins\conduit.xml
[2011-01-18 13:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-19 08:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-17 09:11:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-17 11:11:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-17 15:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009-06-26 08:01:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007-06-28 09:14:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
O1 HOSTS File: ([2010-05-07 05:43:04 | 000,000,826 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.1.1.47 ad-2-rc-inet
O1 - Hosts: 10.1.1.47 timeclock
O1 - Hosts: 10.100.177.30 bcmysql
O1 - Hosts: 10.100.177.40 bcintra
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Dimension4] C:\Program Files\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [vptray] C:\Program Files\NAV\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245449373750 (WUWebControl Class)
O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} http://70.107.225.103/program/SonyNetworkCameraViewer.cab (Sony Network Camera Viewer Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} file://C:\Program Files\NAV\clt-inst\WEBINST\WebInst.cab (WebBasedClientInstall Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hcjbc.dyndns.org
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll ()
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: \\Hcjbcdc\Profiles\martinezjr\MyDocuments\My Pictures\moonplane_thomas (1).bmp
O24 - Desktop BackupWallPaper: \\Hcjbcdc\Profiles\martinezjr\MyDocuments\My Pictures\moonplane_thomas (1).bmp
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINNT\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-19 15:39:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-07-17 12:05:22 | 000,000,000 | ---D | M] - C:\AutoScan -- [ NTFS ]
O32 - AutoRun File - [2009-05-18 16:36:54 | 000,000,000 | -H-- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-06-12 13:54:17 | 000,000,000 | ---- | M] () - M:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002-09-03 13:36:02 | 000,000,000 | ---- | M] () - O:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-12 14:22:16 | 000,000,000 | ---- | M] () - P:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-08-19 09:54:04 | 000,000,000 | ---- | M] () - Q:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-01-22 11:59:07 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-09-14 18:00:06 | 000,000,000 | ---- | M] () - T:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-09-11 14:17:23 | 000,000,000 | -H-- | M] () - V:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-06-19 15:39:58 | 000,000,000 | -H-- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-07-17 12:05:22 | 000,000,000 | ---D | M] - W:\AutoScan -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (DfsInit) - C:\WINNT\System32\DfsInit.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINNT\system32\ias.dll (Microsoft Corporation)
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINNT\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINNT\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
- martinezjrBeginner
part 3
Extra.txt
- Code:
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354
ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4fbff6eb-7540-4f56-a35e-50ff06f9d941} - KB978207
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {90b0bef8-22d6-40a8-92c8-155434fc112f} - KB938127
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869
ActiveX: {bfb9c191-4d2f-49bd-aa21-4308475e1cc7} - KB980182
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749
ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} -
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -
Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINNT\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
SystemRestore not available.
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-02-01 11:30:59 | 000,012,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbscan.sys
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-02-08 10:27:34 | 000,065,536 | ---- | M] () -- C:\WINNT\NETLOGON.CHG
[2011-02-08 10:27:33 | 000,065,536 | ---- | M] () -- C:\WINNT\NETLOGON.CHT
[2011-02-07 21:28:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\winscp.rnd
[2011-02-07 21:08:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011-02-07 11:37:26 | 000,000,486 | ---- | M] () -- \\hcjbcdc\profiles\martinezjr\Desktop\Shortcut to Database.lnk
[2011-02-05 22:13:00 | 000,000,680 | ---- | M] () -- C:\WINNT\tasks\Weekly.job
[2011-02-04 00:10:53 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2011-02-02 12:45:32 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_540.dat
[2011-02-02 12:45:21 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3b4.dat
[2011-01-28 12:06:54 | 000,001,148 | -H-- | M] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Default.rdp
[2011-01-26 15:03:21 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011-01-26 15:02:58 | 000,002,153 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011-01-25 16:47:07 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2011-01-24 13:48:18 | 000,262,144 | ---- | M] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Membership_List_7-2010.xls
[2011-01-24 10:38:23 | 000,015,333 | ---- | M] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\_U__Neil_TJDA_March.xls
[2011-01-24 10:05:54 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_554.dat
[2011-01-24 10:05:42 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3b0.dat
[2011-01-19 13:55:54 | 000,039,936 | ---- | M] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Affidavit for Purchase.doc
[2011-01-15 22:11:00 | 000,000,684 | ---- | M] () -- C:\WINNT\tasks\Monthly.job
[2011-01-15 00:34:28 | 000,002,151 | ---- | M] () -- \\hcjbcdc\profiles\martinezjr\Desktop\Users.lnk
[2011-01-15 00:33:59 | 000,002,139 | ---- | M] () -- \\hcjbcdc\profiles\martinezjr\Desktop\Active Directory Sites and Services.lnk
[2011-01-10 12:00:49 | 000,003,585 | ---- | M] () -- C:\WINNT\ODBC.INI
[2011-01-10 10:02:42 | 000,053,901 | ---- | M] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Cert of Ins.pdf
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-02-04 00:10:53 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2011-02-02 12:45:32 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_540.dat
[2011-02-02 12:45:21 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3b4.dat
[2011-01-24 10:41:56 | 000,262,144 | ---- | C] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Membership_List_7-2010.xls
[2011-01-24 10:38:38 | 000,015,333 | ---- | C] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\_U__Neil_TJDA_March.xls
[2011-01-24 10:05:54 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_554.dat
[2011-01-24 10:05:42 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3b0.dat
[2011-01-19 13:56:02 | 000,039,936 | ---- | C] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Affidavit for Purchase.doc
[2011-01-10 10:02:41 | 000,053,901 | ---- | C] () -- \\Hcjbcdc\Profiles\martinezjr\MyDocuments\Cert of Ins.pdf
[2010-11-06 13:22:56 | 000,749,568 | R--- | C] () -- C:\WINNT\System32\AGI1600.DLL
[2010-11-06 13:22:54 | 001,777,664 | R--- | C] () -- C:\WINNT\System32\ZHP1600R.DLL
[2010-07-07 16:08:53 | 000,012,943 | ---- | C] () -- C:\Documents and Settings\martinezjr\Application Data\Microsoft Excel.CAL
[2009-09-18 15:05:54 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2009-09-17 16:38:37 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009-08-13 15:47:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009-07-30 11:18:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\martinezjr\Local Settings\Application Data\PUTTY.RND
[2009-07-13 07:41:53 | 000,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2009-07-06 06:35:00 | 000,000,588 | ---- | C] () -- C:\WINNT\PAGESVC.INI
[2009-06-30 10:44:49 | 000,006,688 | ---- | C] () -- C:\WINNT\System32\Digita.sys
[2009-06-30 10:44:46 | 000,335,872 | ---- | C] () -- C:\WINNT\System32\ldf252.dll
[2009-06-24 11:17:37 | 000,029,744 | ---- | C] () -- C:\WINNT\System32\InstHelper.dll
[2009-06-24 11:16:37 | 000,197,672 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll
[2009-06-24 11:16:33 | 000,193,576 | ---- | C] () -- C:\WINNT\System32\CSGina.dll
[2009-06-23 15:45:06 | 000,002,283 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2009-06-23 10:48:27 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009-06-23 08:54:58 | 000,000,126 | ---- | C] () -- C:\WINNT\mdm.ini
[2009-06-22 09:34:14 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\martinezjr\Application Data\winscp.rnd
[2009-06-22 09:34:11 | 000,003,585 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009-06-19 16:15:50 | 000,017,168 | ---- | C] () -- C:\WINNT\System32\ismsink.dll
[2009-06-19 15:50:00 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\e1000msg.dll
[2009-06-19 15:38:55 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2009-06-19 15:37:41 | 000,000,000 | ---- | C] () -- C:\WINNT\frontpg.ini
[2009-06-19 15:35:33 | 000,000,000 | ---- | C] () -- C:\WINNT\nsrex.INI
[2009-06-19 10:35:04 | 000,021,789 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2009-06-19 10:35:04 | 000,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2009-06-19 10:34:18 | 000,007,854 | ---- | C] () -- C:\WINNT\System32\ftpctrs.ini
[2009-06-19 10:34:15 | 000,038,523 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2009-06-19 10:34:15 | 000,009,584 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2009-06-19 10:34:11 | 000,011,355 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2009-06-19 10:33:35 | 000,014,745 | ---- | C] () -- C:\WINNT\System32\CPSsym.ini
[2009-06-19 10:24:37 | 000,004,236 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2007-06-28 18:01:48 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2000-10-09 06:50:00 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\NavLogon.dll
[1999-12-07 06:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999-12-07 06:00:00 | 000,133,752 | ---- | C] () -- C:\WINNT\System32\schema.ini
[1999-12-07 06:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[1999-12-07 06:00:00 | 000,022,582 | ---- | C] () -- C:\WINNT\System32\ntdsctrs.ini
[1999-12-07 06:00:00 | 000,020,386 | ---- | C] () -- C:\WINNT\System32\ntfrsrep.ini
[1999-12-07 06:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[1999-12-07 06:00:00 | 000,005,597 | ---- | C] () -- C:\WINNT\System32\ntfrscon.ini
[1999-12-07 06:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[1999-09-25 04:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999-09-25 04:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999-01-22 12:46:56 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2009-06-19 15:39:19 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini
[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
[2003-06-19 11:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll
[2007-06-27 09:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINNT\system32\spool\prtprocs\w32x86\zIMFPRNT.DLL
[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]
[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]
[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]
[color=#A23BEC]< %systemroot%\*.jpg >[/color]
[color=#A23BEC]< %systemroot%\*.png >[/color]
[color=#A23BEC]< %systemroot%\*.scr >[/color]
[color=#A23BEC]< %systemroot%\*._sy >[/color]
[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]
[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009-06-19 15:38:55 | 000,000,271 | -H-- | M] () -- C:\Program Files\desktop.ini
[2009-06-19 15:38:55 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt
[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]
[color=#A23BEC]< %systemroot%\system32\bak. /s >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]
[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
[color=#A23BEC]< %systemroot%\*.config >[/color]
[color=#A23BEC]< %systemroot%\system32\*.db >[/color]
[color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
[2009-06-22 09:21:33 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
[color=#A23BEC]< %systemroot%\*.src >[/color]
[color=#A23BEC]< %systemroot%\install\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]
[color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
[color=#A23BEC]< %systemroot%\Java\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]
[color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]
[color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]
[color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]
[color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
[color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
[1999-12-07 06:00:00 | 000,000,777 | ---- | M] () -- C:\WINNT\addins\faxext.ecf
[color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Config\*.* >[/color]
[1999-12-07 06:00:00 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
[1999-12-07 06:00:00 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
[1999-12-07 06:00:00 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf
[color=#A23BEC]< %systemroot%\REPAIR\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]
[color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\*.exe >[/color]
[2010-04-07 16:42:56 | 000,120,280 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010-04-07 16:42:56 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010-04-07 16:43:01 | 000,244,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[color=#A23BEC]< %ProgramFiles%\Microsoft Common\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
[color=#A23BEC]< %USERPROFILE%\Favorites\*.url /x >[/color]
[2009-06-22 09:21:33 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\martinezjr\Favorites\Desktop.ini
[color=#A23BEC]< %systemroot%\system32\*.bk >[/color]
[color=#A23BEC]< %systemroot%\*.te >[/color]
[color=#A23BEC]< %systemroot%\system32\system32\*.* >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\*.dat /x >[/color]
[2010-08-19 16:01:45 | 000,002,370 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010-02-25 10:31:20 | 000,351,744 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\DXTMSFT.DLL
[2010-02-25 10:31:16 | 000,192,512 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINNT\system32\DXTRANS.DLL
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\system32\*.exe /lockedfiles >[/color]
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009-06-19 10:22:43 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009-06-19 10:22:43 | 000,536,576 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009-06-19 10:22:42 | 000,368,640 | ---- | M] () -- C:\WINNT\system32\config\system.sav
[color=#A23BEC]< %systemroot%\system32\*.sys >[/color]
[1999-12-07 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINNT\system32\ansi.sys
[2003-06-19 11:05:04 | 000,027,097 | ---- | M] () -- C:\WINNT\system32\country.sys
[1998-12-14 13:05:36 | 000,006,688 | ---- | M] () -- C:\WINNT\system32\Digita.sys
[1999-12-07 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINNT\system32\himem.sys
[2003-06-19 11:05:04 | 000,042,809 | ---- | M] () -- C:\WINNT\system32\key01.sys
[2003-06-19 11:05:04 | 000,042,537 | ---- | M] () -- C:\WINNT\system32\KEYBOARD.SYS
[2003-06-19 11:05:04 | 000,027,866 | ---- | M] () -- C:\WINNT\system32\NTDOS.SYS
[1999-12-07 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINNT\system32\ntdos404.sys
[1999-12-07 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINNT\system32\ntdos411.sys
[1999-12-07 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINNT\system32\ntdos412.sys
[1999-12-07 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINNT\system32\ntdos804.sys
[2003-06-19 11:05:04 | 000,033,824 | ---- | M] () -- C:\WINNT\system32\NTIO.SYS
[2003-06-19 11:05:04 | 000,034,544 | ---- | M] () -- C:\WINNT\system32\ntio404.sys
[2003-06-19 11:05:04 | 000,035,648 | ---- | M] () -- C:\WINNT\system32\ntio411.sys
[2003-06-19 11:05:04 | 000,035,408 | ---- | M] () -- C:\WINNT\system32\ntio412.sys
[2003-06-19 11:05:04 | 000,034,544 | ---- | M] () -- C:\WINNT\system32\ntio804.sys
[2003-06-19 11:05:04 | 000,187,024 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spcmdcon.sys
[2005-01-26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINNT\system32\vsdatant.sys
[2009-08-14 01:04:52 | 001,649,904 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\WIN32K.SYS
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\system32\drivers\*.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.ini >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2003-06-19 11:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll
[2007-06-27 09:00:00 | 000,057,344 | R--- | M] (Zenographics, Inc.) -- C:\WINNT\system32\spool\prtprocs\w32x86\zIMFPRNT.DLL
[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2003-06-19 11:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003-06-19 11:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2009-06-19 15:39:58 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2009-06-19 10:32:21 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2010-10-05 13:44:02 | 000,007,705 | ---- | M] () -- C:\CLJ1600.log
[2009-06-19 15:39:58 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2009-07-02 09:20:04 | 003,782,113 | ---- | M] () -- C:\D-C.wmv
[2009-07-02 09:20:03 | 000,234,496 | ---- | M] () -- C:\DELUNA~1.PPT
[2009-07-02 09:20:02 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\hlink.dll
[2009-06-19 15:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-07-06 14:30:11 | 000,000,052 | -H-- | M] () -- C:\LDISCAN.CFG
[2009-06-19 15:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-07-02 09:20:02 | 000,014,336 | ---- | M] (Microsoft) -- C:\msimrt.dll
[2009-07-02 09:20:03 | 000,010,544 | ---- | M] (Microsoft) -- C:\msimrt16.dll
[2009-07-02 09:20:03 | 000,022,016 | ---- | M] (Microsoft) -- C:\msimrt32.dll
[2009-07-02 09:20:02 | 000,120,320 | ---- | M] (Microsoft) -- C:\msimusic.dll
[2009-07-02 09:20:03 | 001,691,408 | ---- | M] () -- C:\mso97v.dll
[2009-07-02 09:20:02 | 000,005,632 | ---- | M] () -- C:\msppt8vr.olb
[2009-07-02 09:20:03 | 000,229,136 | ---- | M] (Microsoft Corporation) -- C:\MSV7ENU.DLL
[2009-06-19 16:15:00 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2009-06-19 16:15:00 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2011-02-04 00:09:30 | 1811,939,328 | -HS- | M] () -- C:\pagefile.sys
[2009-07-02 09:20:04 | 000,000,014 | ---- | M] () -- C:\PLAYLIST.LST
[2009-07-02 09:20:03 | 000,483,386 | ---- | M] () -- C:\PP4X322.DLL
[2009-07-02 09:20:03 | 000,098,361 | ---- | M] () -- C:\PP7X32.DLL
[2009-07-02 09:20:02 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\ppintlv.dll
[2009-07-02 09:20:02 | 001,425,680 | ---- | M] () -- C:\ppview32.exe
[2009-07-02 09:20:02 | 000,032,768 | ---- | M] () -- C:\rappt.dll
[2009-07-02 09:20:03 | 000,163,600 | ---- | M] (Microsoft Corporation) -- C:\t2embed.dll
[2009-07-02 09:20:02 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\urlmon.dll
[2009-11-14 18:10:18 | 002,948,343 | ---- | M] () -- C:\WeeklyBackup 20091114 1810.sql
[2009-11-21 18:10:08 | 002,970,729 | ---- | M] () -- C:\WeeklyBackup 20091121 1810.sql
[2009-11-28 18:10:09 | 003,008,492 | ---- | M] () -- C:\WeeklyBackup 20091128 1810.sql
[2009-12-05 18:10:10 | 003,044,993 | ---- | M] () -- C:\WeeklyBackup 20091205 1810.sql
[2009-12-12 18:10:08 | 003,073,592 | ---- | M] () -- C:\WeeklyBackup 20091212 1810.sql
[2009-12-19 18:10:08 | 003,103,325 | ---- | M] () -- C:\WeeklyBackup 20091219 1810.sql
[2009-12-26 18:10:09 | 003,134,332 | ---- | M] () -- C:\WeeklyBackup 20091226 1810.sql
[2010-01-02 18:10:10 | 003,162,343 | ---- | M] () -- C:\WeeklyBackup 20100102 1810.sql
[2010-01-09 18:10:11 | 003,190,616 | ---- | M] () -- C:\WeeklyBackup 20100109 1810.sql
[2010-01-16 18:10:09 | 003,234,605 | ---- | M] () -- C:\WeeklyBackup 20100116 1810.sql
[2010-01-23 18:10:09 | 003,258,149 | ---- | M] () -- C:\WeeklyBackup 20100123 1810.sql
[2010-01-30 18:10:09 | 003,299,603 | ---- | M] () -- C:\WeeklyBackup 20100130 1810.sql
[2010-02-06 18:10:10 | 003,330,041 | ---- | M] () -- C:\WeeklyBackup 20100206 1810.sql
[2010-02-13 18:10:08 | 003,370,909 | ---- | M] () -- C:\WeeklyBackup 20100213 1810.sql
[2010-02-20 18:10:10 | 003,402,634 | ---- | M] () -- C:\WeeklyBackup 20100220 1810.sql
[2010-02-27 18:10:10 | 003,430,731 | ---- | M] () -- C:\WeeklyBackup 20100227 1810.sql
[2010-03-06 18:10:11 | 003,459,443 | ---- | M] () -- C:\WeeklyBackup 20100306 1810.sql
[2010-03-13 18:10:10 | 003,499,577 | ---- | M] () -- C:\WeeklyBackup 20100313 1810.sql
[2010-03-20 18:10:12 | 003,526,217 | ---- | M] () -- C:\WeeklyBackup 20100320 1810.sql
[2010-03-27 18:10:09 | 003,546,011 | ---- | M] () -- C:\WeeklyBackup 20100327 1810.sql
[2010-04-03 18:10:07 | 003,571,769 | ---- | M] () -- C:\WeeklyBackup 20100403 1810.sql
[2010-04-10 18:10:10 | 003,606,080 | ---- | M] () -- C:\WeeklyBackup 20100410 1810.sql
[2010-04-17 18:10:11 | 003,652,964 | ---- | M] () -- C:\WeeklyBackup 20100417 1810.sql
[2010-04-24 18:10:10 | 003,698,059 | ---- | M] () -- C:\WeeklyBackup 20100424 1810.sql
[2010-05-01 18:10:11 | 003,727,979 | ---- | M] () -- C:\WeeklyBackup 20100501 1810.sql
[2010-05-15 18:10:26 | 003,821,863 | ---- | M] () -- C:\WeeklyBackup 20100515 1810.sql
[2010-05-22 18:10:07 | 003,858,701 | ---- | M] () -- C:\WeeklyBackup 20100522 1810.sql
[2010-05-29 18:10:10 | 003,905,912 | ---- | M] () -- C:\WeeklyBackup 20100529 1810.sql
[2010-06-05 18:10:10 | 003,935,685 | ---- | M] () -- C:\WeeklyBackup 20100605 1810.sql
[2010-06-12 18:10:09 | 003,971,174 | ---- | M] () -- C:\WeeklyBackup 20100612 1810.sql
[2010-06-19 18:10:11 | 003,997,499 | ---- | M] () -- C:\WeeklyBackup 20100619 1810.sql
[2010-06-26 18:10:14 | 004,029,380 | ---- | M] () -- C:\WeeklyBackup 20100626 1810.sql
[2010-07-03 18:10:10 | 004,041,111 | ---- | M] () -- C:\WeeklyBackup 20100703 1810.sql
[2010-07-10 18:10:10 | 004,068,453 | ---- | M] () -- C:\WeeklyBackup 20100710 1810.sql
[2010-07-17 18:10:08 | 004,090,602 | ---- | M] () -- C:\WeeklyBackup 20100717 1810.sql
[2010-07-24 18:10:11 | 004,128,933 | ---- | M] () -- C:\WeeklyBackup 20100724 1810.sql
[2010-07-31 18:10:10 | 004,151,783 | ---- | M] () -- C:\WeeklyBackup 20100731 1810.sql
[2010-08-07 18:10:11 | 004,178,996 | ---- | M] () -- C:\WeeklyBackup 20100807 1810.sql
[2010-08-14 18:10:11 | 004,211,998 | ---- | M] () -- C:\WeeklyBackup 20100814 1810.sql
[2010-08-21 18:10:09 | 004,262,343 | ---- | M] () -- C:\WeeklyBackup 20100821 1810.sql
[2010-08-28 18:10:14 | 004,279,065 | ---- | M] () -- C:\WeeklyBackup 20100828 1810.sql
[2010-09-04 18:10:12 | 004,305,648 | ---- | M] () -- C:\WeeklyBackup 20100904 1810.sql
[2010-09-11 18:10:11 | 004,341,182 | ---- | M] () -- C:\WeeklyBackup 20100911 1810.sql
[2010-09-18 18:10:13 | 004,376,757 | ---- | M] () -- C:\WeeklyBackup 20100918 1810.sql
[2010-09-25 18:10:12 | 004,419,563 | ---- | M] () -- C:\WeeklyBackup 20100925 1810.sql
[2010-09-30 11:06:38 | 004,436,264 | ---- | M] () -- C:\WeeklyBackup 20100930 1106.sql
[2010-10-02 18:10:12 | 004,442,174 | ---- | M] () -- C:\WeeklyBackup 20101002 1810.sql
[2010-10-09 18:10:13 | 004,470,776 | ---- | M] () -- C:\WeeklyBackup 20101009 1810.sql
[2009-07-02 09:20:02 | 000,576,512 | ---- | M] (Microsoft Corporation) -- C:\wininet.dll
[2009-07-06 06:35:37 | 000,011,426 | -H-- | M] () -- C:\_NavCSrv.Log
[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2009-06-19 16:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2009-06-19 10:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Accessories
[2009-06-30 10:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2009-06-22 11:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009-06-22 08:18:43 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009-06-30 07:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009-08-05 08:02:39 | 000,000,000 | ---D | M] -- C:\Program Files\Aptana
[2009-07-17 12:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\AutoScanNetwork-1.32
[2010-11-08 12:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Avery
[2011-01-06 12:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2009-06-24 11:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2009-06-19 15:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Cmak
[2009-07-24 14:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\CoffeeCup Software
[2010-11-04 17:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009-06-19 15:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010-03-29 09:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\D4
[2010-02-26 15:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009-07-02 11:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
[2009-06-23 16:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\Executive Software
[2010-03-04 16:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009-06-23 11:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010-06-17 09:57:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallJammer Registry
[2010-02-13 18:16:13 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009-06-22 08:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010-08-10 09:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010-08-10 09:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010-12-17 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010-06-28 16:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009-06-22 10:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\JustStyle CSS Editor 1.3.3
[2010-08-24 16:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
[2009-06-19 10:35:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft FrontPage
[2010-09-15 08:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009-06-19 10:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Script Debugger
[2009-06-23 08:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011-02-07 16:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009-06-22 09:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009-09-18 11:41:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009-06-22 10:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
[2011-01-20 11:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\NAV
[2009-09-17 16:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009-06-21 13:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010-06-28 16:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010-10-15 13:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2009-08-12 13:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009-06-19 10:33:35 | 000,000,000 | ---D | M] -- C:\Program Files\Phone Book Service
[2009-06-22 10:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\PHP Coder
[2009-06-22 09:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009-06-23 15:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009-06-22 08:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009-06-23 08:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2010-02-13 18:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\SSH Communications Security
[2009-07-06 06:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009-06-24 15:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2009-06-22 08:19:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009-06-19 10:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2009-09-17 16:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-06-19 16:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010-08-19 13:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Resource Kits
[2009-06-20 12:45:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009-07-17 12:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2009-06-22 09:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009-10-21 07:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009-06-30 14:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip Self-Extractor
[color=#A23BEC]< %appdata%\*.* >[/color]
[2010-07-07 16:08:59 | 000,012,943 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\Microsoft Excel.CAL
[2011-02-07 21:28:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\martinezjr\Application Data\winscp.rnd
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003-06-19 11:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2003-06-19 11:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2003-06-19 11:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys
[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:disk.sys
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:disk.sys
[2003-06-19 11:05:04 | 000,030,768 | ---- | M] (Microsoft Corporation) MD5=322B9A3774DBF119F6635A476B0EB058 -- C:\WINNT\ServicePackFiles\i386\disk.sys
[2003-06-19 11:05:04 | 000,030,768 | ---- | M] (Microsoft Corporation) MD5=322B9A3774DBF119F6635A476B0EB058 -- C:\WINNT\system32\drivers\DISK.SYS
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2003-06-19 11:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2003-06-19 11:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2005-04-08 05:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\dllcache\EVENTLOG.DLL
[2005-04-08 05:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\EVENTLOG.DLL
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2003-06-19 11:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\$NtUninstallKB957097$\netlogon.dll
[2003-06-19 11:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2003-06-19 11:05:04 | 000,013,072 | ---- | M] (Microsoft Corporation) MD5=BB2A715595BCA726A8D185BDECF31072 -- C:\WINNT\system32\NETMON\PARSERS\netlogon.dll
[2005-04-07 14:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB952068_WM41$\netlogon.dll
[2005-04-07 17:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB954600_WM41$\netlogon.dll
[2005-04-08 05:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB960803$\netlogon.dll
[2005-04-07 14:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2005-04-07 17:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\dllcache\NETLOGON.DLL
[2005-04-07 17:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\NETLOGON.DLL
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2005-01-12 13:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\dllcache\scecli.dll
[2005-01-12 13:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\scecli.dll
[2003-06-19 11:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2003-06-19 11:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[color=#A23BEC]< MD5 for: USBSTOR.SYS >[/color]
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:usbstor.sys
[2003-06-19 11:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:usbstor.sys
[2003-06-19 11:05:04 | 000,021,552 | ---- | M] (Microsoft Corporation) MD5=13EBA8A2DA3447FE7F217E34210AC554 -- C:\WINNT\ServicePackFiles\i386\usbstor.sys
[2003-06-19 11:05:04 | 000,021,552 | ---- | M] (Microsoft Corporation) MD5=13EBA8A2DA3447FE7F217E34210AC554 -- C:\WINNT\system32\drivers\usbstor.sys
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-31 14:37:26
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 60 bytes -> C:\Microsoft UAM Volume:AFP_AfpInfo
@Alternate Data Stream - 44 bytes -> C:\Microsoft UAM Volume:AFP_DeskTop
@Alternate Data Stream - 4096 bytes -> C:\Microsoft UAM Volume:AFP_IdIndex
< End of report >
Extra.txt
- Code:
OTL Extras logfile created on: 2011-02-08 11:04:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = D:\
Windows 2000 Standard Edition Service Pack 4 (Version = 5.0.2195) - Type = NTDomainController
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 20.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 15.94 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive F: | 29.64 Mb Total Space | 28.64 Mb Free Space | 96.63% Space Free | Partition Type: FAT
Drive K: | 48.83 Gb Total Space | 42.11 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive L: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive M: | 74.50 Gb Total Space | 17.02 Gb Free Space | 22.85% Space Free | Partition Type: NTFS
Drive O: | 74.47 Gb Total Space | 34.19 Gb Free Space | 45.91% Space Free | Partition Type: NTFS
Drive P: | 74.50 Gb Total Space | 63.38 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive Q: | 18.64 Gb Total Space | 8.90 Gb Free Space | 47.76% Space Free | Partition Type: NTFS
Drive S: | 18.61 Gb Total Space | 6.54 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive T: | 4.88 Gb Total Space | 4.57 Gb Free Space | 93.61% Space Free | Partition Type: NTFS
Drive U: | 13.76 Gb Total Space | 7.99 Gb Free Space | 58.05% Space Free | Partition Type: NTFS
Drive V: | 127.99 Gb Total Space | 89.96 Gb Free Space | 70.29% Space Free | Partition Type: NTFS
Drive W: | 74.50 Gb Total Space | 52.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive X: | 127.99 Gb Total Space | 15.94 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive Y: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive Z: | 62.96 Gb Total Space | 31.23 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Computer Name: TRAINING | User Name: martinezjr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Aptana\Aptana Studio 1.5\AptanaStudio.exe ()
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- "C:\Program Files\Aptana\Aptana Studio 1.5\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[color=#E56717]========== Firewall Settings ==========[/color]
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7D6AD5AB-7BBA-46E5-B1C0-07DD06D81033}" = Nero 7 Essentials
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{88164D59-4FFD-4874-93BC-5E001A7938F3}" = MySQL Connector/ODBC 3.51
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD976794-C527-11D3-A912-00104B326902}" = DiskeeperServer
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7298620-EAC6-11D1-8F87-0060082EA63E}" = Windows 2000 Administration Tools
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6C64C68-F9F5-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"ACDSee" = ACDSee
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMS Server" = AMS Server
"Aptana Studio 1.5" = Aptana Studio 1.5
"AutoScan Network 1.32" = AutoScan Network
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"DjVuLibre+DjView" = DjVuLibre+DjView
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.10.11-1
"hp deskjet 950c series_Driver" = hp deskjet 950c series
"HP Photo & Imaging" = HP Image Zone 4.2
"IE40" = Microsoft Internet Explorer 6 SP1
"JustStyle CSS Editor_is1" = JustStyle CSS Editor 1.3.3
"LiveUpdate" = LiveUpdate
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PHP Coder_is1" = PHP Coder Release R2 Final PreRelease 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"Weather Services" = Weather Services
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.3 beta
"WinZip Self-Extractor" = WinZip Self-Extractor
"Yahoo! Zimbra Desktop 1.0.3" = Yahoo! Zimbra Desktop 1.0.3
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"New LEGO Digital Designer" = LEGO Digital Designer
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ System Events ]
Error - 2011-02-04 13:55:07 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-04 15:55:58 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-04 17:56:50 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-04 19:57:41 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-04 21:58:35 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-04 23:59:27 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-07 20:20:09 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-08 00:20:17 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-08 03:20:23 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
Error - 2011-02-08 13:20:43 | Computer Name = TRAINING | Source = NETLOGON | ID = 5774
Description = Registration of the DNS record 'b053beca-35b9-4b5b-abd1-9abaa369a2fe._msdcs.hcjbc.dyndns.org.
600 IN CNAME training.hcjbc.dyndns.org.' failed with the following error: %%9008
< End of report >
- Belahzur, Site Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218222
Likes : 18
Hello.
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.

